{"id":406,"name":"lxml","ecosystem":"pip","repository_url":"https://github.com/lxml/lxml","issues_count":2139,"created_at":"2025-06-06T15:01:34.351Z","updated_at":"2025-06-06T15:01:34.351Z","purl":"pkg:pypi/lxml","metadata":{"id":2792383,"name":"lxml","ecosystem":"pypi","description":"Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.","homepage":"https://lxml.de/","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/lxml/lxml","keywords_array":[],"namespace":null,"versions_count":169,"first_release_published_at":"2006-03-21T10:40:07.000Z","latest_release_published_at":"2025-04-23T01:44:29.000Z","latest_release_number":"5.4.0","last_synced_at":"2025-06-06T06:02:21.392Z","created_at":"2022-04-10T11:31:26.838Z","updated_at":"2025-06-06T06:02:21.393Z","registry_url":"https://pypi.org/project/lxml/","install_command":"pip install lxml --index-url https://pypi.org/simple","documentation_url":"https://lxml.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","Intended Audience :: Information Technology","License :: OSI Approved :: BSD License","Operating System :: OS Independent","Programming Language :: C","Programming Language :: Cython","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Topic :: Software Development :: Libraries :: Python Modules","Topic :: Text Processing :: Markup :: HTML","Topic :: Text Processing :: Markup :: XML"],"normalized_name":"lxml"},"repo_metadata":{"id":1386644,"uuid":"1353927","full_name":"lxml/lxml","owner":"lxml","description":"The lxml XML toolkit for Python","archived":false,"fork":false,"pushed_at":"2025-05-13T04:19:22.000Z","size":20962,"stargazers_count":2835,"open_issues_count":15,"forks_count":582,"subscribers_count":83,"default_branch":"master","last_synced_at":"2025-05-27T00:02:14.722Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://lxml.de/","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lxml.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGES.txt","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"scoder","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":"pypi/lxml","community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2011-02-11T05:43:11.000Z","updated_at":"2025-05-26T19:28:31.000Z","dependencies_parsed_at":"2023-10-16T02:59:50.607Z","dependency_job_id":"26883f6d-9578-4b90-9c90-53c6be5a0d2e","html_url":"https://github.com/lxml/lxml","commit_stats":{"total_commits":6090,"total_committers":166,"mean_commits":36.68674698795181,"dds":0.4824302134646963,"last_synced_commit":"7be20eb3931010b42dfa81427c45fa716f52954c"},"previous_names":[],"tags_count":148,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lxml","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257352266,"owners_count":22533023,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"lxml","name":"lxml","uuid":"612230","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/612230?v=4","repositories_count":5,"last_synced_at":"2025-05-29T00:20:20.537Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/lxml","funding_links":[],"total_stars":2893,"followers":44,"following":0,"created_at":"2022-11-02T16:31:24.483Z","updated_at":"2025-05-29T00:20:20.537Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lxml","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lxml/repositories"},"tags":[{"name":"lxml-5.4.0","sha":"6e76d57af83d59d7a0456fd5889e392a7b366b43","kind":"tag","published_at":"2025-04-22T12:15:30.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.4.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.4.0/manifests"},{"name":"lxml-5.3.2","sha":"820db896be83f72f1cb653981362c682c8fc0d1f","kind":"tag","published_at":"2025-04-05T08:13:09.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.3.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.2/manifests"},{"name":"lxml-5.3.1","sha":"1dd500100ff79217553bec0d1218bdde3e0ce0fc","kind":"tag","published_at":"2025-02-09T13:39:36.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.3.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.1/manifests"},{"name":"lxml-5.3.0","sha":"475f4ab305d3b6eccb0520e9298a6cf829ffcf75","kind":"tag","published_at":"2024-08-10T04:22:29.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.3.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.3.0/manifests"},{"name":"lxml-5.2.2","sha":"8e4b14cbee88e1b04d7c49d29b2e593a37cdf80e","kind":"tag","published_at":"2024-05-12T10:08:08.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.2.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.2/manifests"},{"name":"lxml-5.2.1","sha":"47f94ff45551670e167dda2d7b9b205bbdbe0466","kind":"tag","published_at":"2024-04-02T08:02:36.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.2.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.1/manifests"},{"name":"lxml-5.2.0","sha":"a8ab41dc88f7adec8532a039d80ef292499d57bf","kind":"tag","published_at":"2024-03-30T21:14:08.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.2.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.2.0/manifests"},{"name":"lxml-5.1.1","sha":"3299a7e8154a2c010754a969348cd0a3858282a0","kind":"tag","published_at":"2024-03-28T17:49:19.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.1.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.1/manifests"},{"name":"lxml-5.0.2","sha":"d2fca62352fc526989beb0f46e59b3f1dd75c0e0","kind":"tag","published_at":"2024-03-28T17:47:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.0.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.2/manifests"},{"name":"lxml-5.1.0-2","sha":"f466da4ebdbb69d5436ee91a0eaf45b7105e9530","kind":"tag","published_at":"2024-01-10T11:07:10.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.1.0-2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.1.0-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0-2/manifests"},{"name":"lxml-5.0.1-1","sha":"12e4da6dfb86910d2bb8d35321dacf949f8320df","kind":"tag","published_at":"2024-01-08T20:27:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.0.1-1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.0.1-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.1-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.1-1/manifests"},{"name":"lxml-5.1.0-1","sha":"3ef7def9822ebae8e70d381aace0b398a9765908","kind":"tag","published_at":"2024-01-05T22:00:22.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.1.0-1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.1.0-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0-1/manifests"},{"name":"lxml-5.1.0","sha":"82a42601e3a7f1a44aadc5a948c2b6fde3e0e407","kind":"tag","published_at":"2024-01-05T13:49:00.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.1.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.1.0/manifests"},{"name":"lxml-5.0.1","sha":"eb5cd981685850d1f99d99c36ade323d3008574f","kind":"tag","published_at":"2024-01-05T13:41:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.0.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.1/manifests"},{"name":"lxml-5.0.0-1","sha":"7ebda90211052233b9c8bb3723f1d84f57f45e56","kind":"tag","published_at":"2023-12-29T20:27:41.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.0.0-1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.0.0-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.0-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.0-1/manifests"},{"name":"lxml-5.0.0","sha":"73fa11564a8cb814a9da7400449e65790a25105e","kind":"tag","published_at":"2023-12-29T13:31:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-5.0.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-5.0.0/manifests"},{"name":"lxml-4.9.4","sha":"d7f33d6d5bd92cfd3a390d25e306e66487222402","kind":"tag","published_at":"2023-12-19T10:13:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.4/manifests"},{"name":"lxml-4.9.3-3","sha":"09070ceab1607bbf59436052ad6327ea5deb9eb3","kind":"tag","published_at":"2023-07-10T15:56:47.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.3-3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.3-3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-3/manifests"},{"name":"lxml-4.9.3-2","sha":"afcdbc9a7f68abde4204601638a8c18d86f746c3","kind":"tag","published_at":"2023-07-10T08:55:59.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.3-2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.3-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-2/manifests"},{"name":"lxml-4.9.3-1","sha":"0cd3d8aeec0c93d1617e7209c80026b693290f62","kind":"tag","published_at":"2023-07-06T13:05:26.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.3-1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.3-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3-1/manifests"},{"name":"lxml-4.9.3","sha":"15936e95e52cf1abcaee6a506291219a9638e781","kind":"tag","published_at":"2023-07-05T08:14:11.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.3/manifests"},{"name":"lxml-4.9.2","sha":"c17c1ca0496fbde3827c01cecd6a37d848142772","kind":"tag","published_at":"2022-12-13T19:27:23.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.2/manifests"},{"name":"lxml-4.9.1","sha":"d01872ccdf7e1e5e825b6c6292b43e7d27ae5fc4","kind":"tag","published_at":"2022-07-01T19:20:01.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.1/manifests"},{"name":"lxml-4.9.0","sha":"b224e0f69dde58425d1077e07d193d19d3f803a9","kind":"tag","published_at":"2022-05-31T19:25:23.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.9.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.9.0/manifests"},{"name":"lxml-4.8.0","sha":"e82c9153c4a7d505480b94c60b9a84d79d948efb","kind":"tag","published_at":"2022-02-17T11:08:06.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.8.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.8.0/manifests"},{"name":"lxml-4.7.1","sha":"745ac2685ca05c67afbf2a1dde24e4d48bd86dcd","kind":"tag","published_at":"2021-12-13T13:28:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.7.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.1/manifests"},{"name":"lxml-4.7.0","sha":"5c4f6a23d5758ec66cfe22b082a40c2e08df4658","kind":"tag","published_at":"2021-12-12T21:38:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.7.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.0/manifests"},{"name":"lxml-4.6.5","sha":"a9611ba80bc5196c1dd07a0b1964fcb603695d63","kind":"tag","published_at":"2021-12-12T14:24:01.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.5/manifests"},{"name":"lxml-4.7.0-pre","sha":"982f8d5612925010a12a70748a077af846def6be","kind":"tag","published_at":"2021-11-05T09:35:20.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.7.0-pre","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.7.0-pre","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.0-pre","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.7.0-pre/manifests"},{"name":"lxml-4.6.4-5","sha":"24a459910130afc8a16bdecdde35ca9d5aa47f1d","kind":"tag","published_at":"2021-11-02T19:29:44.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4-5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4-5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-5/manifests"},{"name":"lxml-4.6.4-4","sha":"b232e1987408e76fb6450f1a476dbab0377c92e8","kind":"tag","published_at":"2021-11-02T19:01:08.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4-4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4-4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-4/manifests"},{"name":"lxml-4.6.4-3","sha":"667f4b47995e0d4cc9b8c20ead1709810c9965d0","kind":"tag","published_at":"2021-11-02T15:50:21.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4-3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4-3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-3/manifests"},{"name":"lxml-4.6.4-2","sha":"03c3f10f517c72a233241dcfafb8d3429d3e44c8","kind":"tag","published_at":"2021-11-02T15:12:07.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4-2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-2/manifests"},{"name":"lxml-4.6.4-1","sha":"ae377082fea8520fb1a3a76746c44424d2c1fa0c","kind":"tag","published_at":"2021-11-02T14:20:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4-1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4-1/manifests"},{"name":"lxml-4.6.4","sha":"bbee1e900d46bb7044dedf67455f29433aa385ac","kind":"tag","published_at":"2021-11-02T12:54:44.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.4/manifests"},{"name":"lxml-4.6.3","sha":"a5f9cb52079dc57477c460dbe6ba0f775e14a999","kind":"tag","published_at":"2021-03-21T14:11:52.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.3/manifests"},{"name":"lxml-4.6.2","sha":"4cb57362deb23bca0f70f41ab1efa13390fcdbb1","kind":"tag","published_at":"2020-11-26T20:58:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.2/manifests"},{"name":"lxml-4.6.1","sha":"61432a8489657744ed32367ed9fb17fafe405d8e","kind":"tag","published_at":"2020-10-18T08:08:33.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.1/manifests"},{"name":"lxml-4.6.0","sha":"2d88783eb95a5f58ba51c946bacfab07fa572ca0","kind":"tag","published_at":"2020-10-17T09:46:04.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.6.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.6.0/manifests"},{"name":"lxml-4.5.2","sha":"076c6740da7236ae6558436835b828da419f6476","kind":"tag","published_at":"2020-07-09T18:20:11.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.5.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.2/manifests"},{"name":"lxml-4.5.1","sha":"0ce08858a824a0a4fae4102af849a8fbf7bcad6f","kind":"tag","published_at":"2020-05-19T08:53:55.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.5.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.1/manifests"},{"name":"lxml-4.5.0","sha":"8d23c0caa4aee4f36ba553ad58bb506a14d2b33a","kind":"tag","published_at":"2020-01-29T09:31:51.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.5.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.5.0/manifests"},{"name":"lxml-4.4.3","sha":"78c346448b7b738dfe180ea3150cc4b789358f10","kind":"tag","published_at":"2020-01-28T13:37:42.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.4.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.3/manifests"},{"name":"lxml-4.4.2","sha":"589c3c2f35e89fec66aa7f4bec2eb2755033b2b2","kind":"tag","published_at":"2019-11-25T08:54:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.4.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.2/manifests"},{"name":"lxml-4.4.1","sha":"1781e48f8e51bb3eba8e31c3d7fbc47b4acfae26","kind":"tag","published_at":"2019-08-11T08:26:32.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.4.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.1/manifests"},{"name":"lxml-4.4.0","sha":"ca90c24282fd0aadeda15fd853468229b46c1b9e","kind":"tag","published_at":"2019-07-27T07:05:06.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.4.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.4.0/manifests"},{"name":"lxml-4.3.5","sha":"1848047e2724a01a16d54029e013316617285491","kind":"tag","published_at":"2019-07-27T05:36:08.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.5/manifests"},{"name":"lxml-4.3.4","sha":"6156d61ca53cadfd6b3d1b2908af518174997039","kind":"tag","published_at":"2019-06-10T04:47:07.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.4/manifests"},{"name":"lxml-4.3.3","sha":"e2d97468f3cea7b7fb11399732705d9f688c3c6d","kind":"tag","published_at":"2019-03-26T13:10:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.3/manifests"},{"name":"lxml-4.3.2","sha":"f2981e643b5b5a56089146bd5a093ecf7526dc12","kind":"tag","published_at":"2019-02-28T19:58:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.2/manifests"},{"name":"lxml-4.3.1","sha":"642a41bdc3aae05f52ccf32981c429c7d3789f63","kind":"commit","published_at":"2019-02-08T19:28:15.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.1/manifests"},{"name":"lxml-4.3.0","sha":"7303cadd01b81fceb40f74148a5b9b6178936768","kind":"commit","published_at":"2019-01-04T15:29:32.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.3.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.3.0/manifests"},{"name":"lxml-4.2.6","sha":"1dd26eb772abd58ae3aea596800ed0cd612cf145","kind":"tag","published_at":"2019-01-02T17:17:40.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.6","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.6/manifests"},{"name":"lxml-4.2.6-win1","sha":"1dd26eb772abd58ae3aea596800ed0cd612cf145","kind":"commit","published_at":"2019-01-02T17:15:09.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.6-win1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.6-win1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.6-win1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.6-win1/manifests"},{"name":"lxml-4.2.5","sha":"1dee355e83b1f524de7a772a8da941a186036bc2","kind":"commit","published_at":"2018-09-09T15:16:33.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.5/manifests"},{"name":"lxml-4.2.4","sha":"5578c4d5d90a49d581112adac13e4cca54978c69","kind":"commit","published_at":"2018-08-03T16:44:06.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.4/manifests"},{"name":"lxml-4.2.3-win","sha":"eb445d0f7e155d5919b990ca81992a328be38813","kind":"commit","published_at":"2018-06-27T16:36:02.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.3-win","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.3-win","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.3-win","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.3-win/manifests"},{"name":"lxml-4.2.3","sha":"995a804444dddbad339e1ae11fd12fa7d0a653bb","kind":"commit","published_at":"2018-06-27T16:01:55.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.3/manifests"},{"name":"lxml-4.2.2","sha":"065cd904e2e4211a3356b531b0dbcfebbd408903","kind":"commit","published_at":"2018-06-22T18:43:35.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.2/manifests"},{"name":"lxml-4.2.1","sha":"5653058f940e3be686a97489d7ff004640fdfe27","kind":"commit","published_at":"2018-03-21T20:29:01.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.1/manifests"},{"name":"lxml-4.2.0","sha":"4fd86ebeb11d859827cc7eae419488020a29bbc0","kind":"commit","published_at":"2018-03-13T20:12:59.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.2.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.2.0/manifests"},{"name":"lxml-4.1.1","sha":"14705c659d35ec1a86fcad9dfca0137a55112b7d","kind":"commit","published_at":"2017-11-04T06:53:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.1.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.1.1/manifests"},{"name":"lxml-4.1.0","sha":"ba11df65439f62728367bffcd14ed351f064b563","kind":"commit","published_at":"2017-10-13T15:22:59.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.1.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.1.0/manifests"},{"name":"lxml-4.0.0","sha":"f83f1404011a2db268b0d9fe838c77f128642520","kind":"commit","published_at":"2017-09-17T07:52:54.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-4.0.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-4.0.0/manifests"},{"name":"lxml-3.8.0-py27fix","sha":"7cdfc401e54194f45ac8fe258d922d8407fdc519","kind":"commit","published_at":"2017-06-12T14:39:21.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.8.0-py27fix","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.8.0-py27fix","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.8.0-py27fix","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.8.0-py27fix/manifests"},{"name":"lxml-3.8.0","sha":"3fcd59c91f9bdc13e1054398a95a0e5819210628","kind":"commit","published_at":"2017-06-03T17:36:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.8.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.8.0/manifests"},{"name":"lxml-3.7.2","sha":"1cd159ef1fa6c13f9f21ddf9d69385b686b384a1","kind":"commit","published_at":"2017-01-08T14:47:57.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.7.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.2/manifests"},{"name":"lxml-3.7.1","sha":"c667651a02ff8b206fa3af7e5e0cf17dac2f1176","kind":"commit","published_at":"2016-12-23T18:58:22.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.7.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.1/manifests"},{"name":"lxml-3.7.0","sha":"826ca604eccdf6f325c1c161e73132e765bb3855","kind":"commit","published_at":"2016-12-10T15:45:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.7.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.7.0/manifests"},{"name":"lxml-3.6.4","sha":"0151ad50249ed059d6ba2856882f379fd37a4795","kind":"commit","published_at":"2016-08-20T04:40:58.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.6.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.4/manifests"},{"name":"lxml-3.6.3","sha":"70c1aa3b667afc39da69e1258ad4e36fa45cf3d0","kind":"commit","published_at":"2016-08-18T18:33:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.6.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.3/manifests"},{"name":"lxml-3.6.2","sha":"3b87120a90ae12aa69b8ffa394fababe595d0e34","kind":"commit","published_at":"2016-08-18T14:24:04.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.6.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.2/manifests"},{"name":"lxml-3.6.1","sha":"2fae19478d87dfdcaed23ed63b7f64b2ab8c0dc7","kind":"commit","published_at":"2016-07-24T08:26:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.6.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.1/manifests"},{"name":"lxml-3.6.0","sha":"79637c7c245f6439cc4b85817b12826483e3e8d5","kind":"commit","published_at":"2016-03-17T12:57:36.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.6.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.6.0/manifests"},{"name":"lxml-3.5.0","sha":"b00892ed4ac551c39ff7ba42ff55524ad2516028","kind":"commit","published_at":"2015-11-13T07:46:34.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.5.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.5.0/manifests"},{"name":"lxml-3.5.0b1","sha":"717942131fe47584c45800970758d9b46ee077ff","kind":"commit","published_at":"2015-09-18T07:17:02.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.5.0b1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.5.0b1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.5.0b1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.5.0b1/manifests"},{"name":"lxml-3.4.4","sha":"525541fc94ab8e4ea3b938d40e2d7b9b1e0d4eb2","kind":"commit","published_at":"2015-04-25T14:09:22.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.4/manifests"},{"name":"lxml-3.4.3","sha":"fe7dfaa133ec963a5173169993d464c324640f87","kind":"commit","published_at":"2015-04-15T17:27:09.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.3/manifests"},{"name":"lxml-3.4.2","sha":"c1dfce0462b3bf3930938f5d08b8f0188803efcf","kind":"commit","published_at":"2015-02-07T19:45:54.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.2/manifests"},{"name":"lxml-3.4.1","sha":"55b7af55eeb50abab9ca6d251d6137607849d6a1","kind":"commit","published_at":"2014-11-20T18:42:52.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.1/manifests"},{"name":"lxml-3.4.0","sha":"14505bc62f5f1fc9fb0ff007955f3e67ab4562bb","kind":"commit","published_at":"2014-09-10T16:57:25.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.0/manifests"},{"name":"lxml-3.4.0beta1","sha":"638b9ce006ba32e46a09101e15c93ee94649a2ae","kind":"commit","published_at":"2014-09-05T13:16:46.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.4.0beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.4.0beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.0beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.4.0beta1/manifests"},{"name":"lxml-3.3.6","sha":"4c8e222b6704b78381bdcaa5f6d3abf1d041d0b4","kind":"commit","published_at":"2014-08-28T14:11:16.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.6","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.6/manifests"},{"name":"lxml-3.3.5","sha":"32337d2a820d77768de8f8b082119bf79c86ef93","kind":"commit","published_at":"2014-04-18T06:52:37.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.5/manifests"},{"name":"lxml-3.3.4","sha":"076efc798ee7eae048d9ee764f30e2980a7c870f","kind":"commit","published_at":"2014-04-03T19:45:31.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.4/manifests"},{"name":"lxml-3.3.3","sha":"5ad64a7b6882fdf1d034e319e956ff53d1f85ac1","kind":"commit","published_at":"2014-03-04T16:26:09.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.3/manifests"},{"name":"lxml-3.3.2","sha":"e65717efb3ebca0ee62297c79e38f79ba5353da5","kind":"commit","published_at":"2014-02-26T19:35:55.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.2/manifests"},{"name":"lxml-3.3.1","sha":"3f8cba77030383ad52e45263d416e903ad2bea4d","kind":"commit","published_at":"2014-02-12T08:49:06.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.1/manifests"},{"name":"lxml-3.3.0","sha":"dcfaf4311fdab59706dc7084c47af44c40cbb4bd","kind":"commit","published_at":"2014-01-26T06:59:48.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0/manifests"},{"name":"lxml-3.3.0beta5","sha":"9a8ccef6860ba2c80392d4e2ebdf14c487913ef4","kind":"commit","published_at":"2014-01-18T06:56:23.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0beta5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0beta5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta5/manifests"},{"name":"lxml-3.3.0beta4","sha":"dd0bbe36408fe1a49f278f368e8e76aff8e075bf","kind":"commit","published_at":"2014-01-12T14:00:03.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0beta4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0beta4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta4/manifests"},{"name":"lxml-3.3.0beta3","sha":"a7a7b6b471345ed981489da15448625f03671f2c","kind":"commit","published_at":"2014-01-02T15:17:51.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0beta3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0beta3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta3/manifests"},{"name":"lxml-3.2.5","sha":"4bbc11f847dfc30c783c0d54103efe37ebaa090d","kind":"commit","published_at":"2014-01-02T14:44:31.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.5/manifests"},{"name":"lxml-3.3.0beta2","sha":"81d0036486d4ce81bdd86774ea95d002fdd6d0e1","kind":"commit","published_at":"2013-12-20T11:07:36.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0beta2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta2/manifests"},{"name":"lxml-3.3.0beta1","sha":"91f5e8b3c7bbc3051cb78d242a63164c1f2e38ba","kind":"commit","published_at":"2013-12-12T19:10:11.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.3.0beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.3.0beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.3.0beta1/manifests"},{"name":"lxml-3.2.4","sha":"f07ca33d53618d96c5752b2e35e3464c5bdc2a58","kind":"commit","published_at":"2013-11-07T16:40:40.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.4/manifests"},{"name":"lxml-3.2.3","sha":"96b62dd29fb402e55b12255fe9ac7120c9f87742","kind":"commit","published_at":"2013-07-28T11:58:46.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.3/manifests"},{"name":"lxml-3.2.2","sha":"f8192a702e6bdd4388ab0bcf1242f01d580f7810","kind":"commit","published_at":"2013-07-28T11:12:27.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.2/manifests"},{"name":"lxml-3.2.1","sha":"90afe19b11c4fd1df8998b254d8a60b550aa56d0","kind":"commit","published_at":"2013-05-11T21:29:02.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.1/manifests"},{"name":"lxml-3.2.0","sha":"8fc99f8ef3e2f12e74fb407ae62c5db50cfe7b92","kind":"commit","published_at":"2013-04-28T18:42:33.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.2.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.2.0/manifests"},{"name":"lxml-3.1.2","sha":"76c9042511bfee787efad2d2f5cbdb850c01fbd6","kind":"commit","published_at":"2013-04-12T05:14:28.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.1.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.2/manifests"},{"name":"lxml-3.1.1","sha":"98c8562f7d659b49997c136947afdf6bf835d5ab","kind":"commit","published_at":"2013-03-29T20:54:23.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.1.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.1/manifests"},{"name":"lxml-3.1.0","sha":"633436c0f352c33daa94cd62d1ddd0d13ea9c247","kind":"commit","published_at":"2013-02-10T15:48:59.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.1.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1.0/manifests"},{"name":"lxml-3.1beta1","sha":"ca93d61264654b724e6ca57ecefbb294cef86007","kind":"commit","published_at":"2012-12-21T21:56:14.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.1beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.1beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.1beta1/manifests"},{"name":"lxml-3.0.2","sha":"a5525afb27e1227ccb0245c14d982b95abed0422","kind":"commit","published_at":"2012-12-14T10:23:08.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0.2/manifests"},{"name":"lxml-3.0.1","sha":"4b2e26fefac767069d32348d2443dae064b6022e","kind":"commit","published_at":"2012-10-14T15:52:19.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0.1/manifests"},{"name":"lxml-3.0","sha":"bcfbb8226c4cf04d50f2209788ee68cd672fa995","kind":"commit","published_at":"2012-10-08T17:43:51.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0/manifests"},{"name":"lxml-2.3.6","sha":"1f44374e9c4725d05d77d213822c4a50f4ddcfb6","kind":"commit","published_at":"2012-09-28T19:00:18.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.6","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.6/manifests"},{"name":"lxml-3.0beta1","sha":"26358d2218a84ad8ee89cce64828f907489c43af","kind":"commit","published_at":"2012-09-26T17:48:03.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0beta1/manifests"},{"name":"lxml-3.0alpha2","sha":"ff1ba90049003f8badfb0a833125d09d8692af1d","kind":"commit","published_at":"2012-08-23T18:50:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0alpha2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0alpha2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0alpha2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0alpha2/manifests"},{"name":"lxml-3.0alpha1","sha":"bf47a9747fd5fef3322c7b39445d27d6bd0db7d1","kind":"commit","published_at":"2012-07-31T08:42:27.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-3.0alpha1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-3.0alpha1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0alpha1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-3.0alpha1/manifests"},{"name":"lxml-2.3.5","sha":"46a2dddfcd15b74c4577d8081b52227ebd89eff2","kind":"commit","published_at":"2012-07-31T08:09:29.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.5/manifests"},{"name":"lxml-2.3.4","sha":"c8cde5d8c85f7405e6bd41cc335cdeffe8563e30","kind":"commit","published_at":"2012-03-26T10:27:32.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.4/manifests"},{"name":"lxml-2.3.3","sha":"58322e88b9568daa53b73a229c0a2a14fa2b7579","kind":"commit","published_at":"2012-01-04T17:50:56.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.3/manifests"},{"name":"lxml-2.3.2","sha":"4c325e12ae20a600fa59dc9820cf62abc5ca62c9","kind":"commit","published_at":"2011-11-11T15:27:35.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.2/manifests"},{"name":"lxml-2.3.1","sha":"047c32a4eff2479965e429ccabf9ff113cd1257a","kind":"commit","published_at":"2011-09-25T19:05:18.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3.1/manifests"},{"name":"lxml-2.3","sha":"6ef1ba8e441647f78b7a4ab860561e68cbe0c44d","kind":"commit","published_at":"2011-02-06T19:24:04.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3/manifests"},{"name":"lxml-2.3beta1","sha":"a48f8d91f2f724a50d7eb0af908d572362d6c043","kind":"commit","published_at":"2010-09-06T08:42:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3beta1/manifests"},{"name":"lxml-2.3alpha2","sha":"de09bbb825739c0df6efddc6e002b37a408c9b02","kind":"commit","published_at":"2010-07-24T20:05:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3alpha2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3alpha2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3alpha2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3alpha2/manifests"},{"name":"lxml-2.3alpha1","sha":"9fad5ea8bdd8303c01f6d5fc2d9ba5fa5ec1905c","kind":"commit","published_at":"2010-06-19T10:04:57.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.3alpha1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.3alpha1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3alpha1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.3alpha1/manifests"},{"name":"lxml-2.2.2","sha":"1de6a9b2b8b1375a58d08caa896db8ac4039b058","kind":"commit","published_at":"2009-06-21T07:37:42.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.2.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2.2/manifests"},{"name":"lxml-2.2.1","sha":"66f59d14ebf9a8bacda4706fcde3f0c9ffd0943b","kind":"commit","published_at":"2009-06-02T19:14:38.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.2.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2.1/manifests"},{"name":"lxml-2.2","sha":"0a5b686b7ebd93025732dbd0fe4b4dee55ea4932","kind":"commit","published_at":"2009-03-21T15:01:06.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.2/manifests"},{"name":"lxml-2.1","sha":"322d9b068ec4a3a89dbdeaa311f2941f01d05a89","kind":"commit","published_at":"2008-07-09T12:00:51.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1/manifests"},{"name":"lxml-2.1beta3","sha":"3bc3fbd318dc2f25389df94b5a84326af1c1497e","kind":"commit","published_at":"2008-06-19T16:37:04.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.1beta3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.1beta3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta3/manifests"},{"name":"lxml-2.1beta2","sha":"ba7f3e588556327616f05e2080fead2d63d2fd7a","kind":"commit","published_at":"2008-05-02T18:18:01.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.1beta2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.1beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta2/manifests"},{"name":"lxml-2.1beta1","sha":"3bb2ea015b98c917e3f362a5e61d4798f50397b7","kind":"commit","published_at":"2008-04-15T18:35:40.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.1beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.1beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1beta1/manifests"},{"name":"lxml-2.1alpha1","sha":"7aea95cb3ef2b41eb4b1f828c523cec4f36fa19e","kind":"commit","published_at":"2008-03-27T16:43:21.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.1alpha1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.1alpha1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1alpha1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.1alpha1/manifests"},{"name":"lxml-2.0.1","sha":"9826b4dac26ff02494212404385b62d52f2b7a7d","kind":"commit","published_at":"2008-02-13T21:35:34.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0.1/manifests"},{"name":"lxml-2.0","sha":"8700fbb5b46a2cbe111fc9df2156a61aac8cebcb","kind":"commit","published_at":"2008-02-01T18:01:29.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0/manifests"},{"name":"lxml-2.0beta2","sha":"536ede0ec18084efccc298ace91afe4b1d58e478","kind":"commit","published_at":"2008-01-26T20:10:09.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0beta2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0beta2/manifests"},{"name":"lxml-2.0beta1","sha":"f5fd919e957cf8ffc884137b4aef0a47cbc66741","kind":"commit","published_at":"2008-01-11T14:20:44.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0beta1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0beta1/manifests"},{"name":"lxml-2.0alpha6","sha":"d8a4e4d505ceeeb1192d9b2a5ea3d75f5b61a36f","kind":"commit","published_at":"2007-12-19T11:34:33.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha6","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha6/manifests"},{"name":"lxml-2.0alpha5","sha":"4ae3c1f3ec7adfe9b65e24416b153415368ff0f8","kind":"commit","published_at":"2007-11-25T11:19:13.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha5","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha5/manifests"},{"name":"lxml-2.0alpha4","sha":"c1b351b9c7fba4981bc8324b3d20863cb2fa0696","kind":"commit","published_at":"2007-10-07T20:12:23.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha4","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha4/manifests"},{"name":"lxml-2.0alpha3","sha":"816a730eb5d44e840c6d0c99c8570b78c95e54e3","kind":"commit","published_at":"2007-09-26T13:19:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha3","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha3/manifests"},{"name":"lxml-2.0alpha2","sha":"ed4299b1b40e24ef83a0968505d4463ddb996b83","kind":"commit","published_at":"2007-09-15T21:44:54.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha2/manifests"},{"name":"lxml-2.0alpha1","sha":"96d31fd6c4607fc446c7545383a7c9fe7ce9ee3b","kind":"commit","published_at":"2007-09-02T16:34:07.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-2.0alpha1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-2.0alpha1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-2.0alpha1/manifests"},{"name":"lxml-1.2","sha":"2940d9b6723599da95cf294fe5125e29c9751f7b","kind":"commit","published_at":"2007-02-20T13:02:53.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.2","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.2/manifests"},{"name":"lxml-1.1","sha":"efe21228d415486e38fd5849225138eb58208282","kind":"commit","published_at":"2006-09-13T07:32:05.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1/manifests"},{"name":"lxml-1.1beta","sha":"d2a31b950eca3ca422e1586775c58ae3fd2a63bf","kind":"commit","published_at":"2006-08-08T19:00:17.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.1beta","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.1beta","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1beta/manifests"},{"name":"lxml-1.1alpha","sha":"ba7ea71cc7a5f89053053352a594340fa3cfc6e6","kind":"commit","published_at":"2006-06-27T07:59:53.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.1alpha","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.1alpha","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.1alpha/manifests"},{"name":"lxml-1.0","sha":"38dc947e8d29f3694113c38fd2a11906113fb898","kind":"commit","published_at":"2006-06-01T17:51:39.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.0","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.0/manifests"},{"name":"lxml-1.0.beta","sha":"7f8fbe87787d456db9deff86986b0d65247cc697","kind":"commit","published_at":"2006-05-18T11:27:38.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-1.0.beta","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-1.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-1.0.beta/manifests"},{"name":"lxml-0.9","sha":"ac8f3f551da68e72cd4ec901271a4ea40b753d99","kind":"commit","published_at":"2006-03-20T18:51:12.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-0.9","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.9/manifests"},{"name":"lxml-0.7","sha":"7eab217298901501db2dc2522261fb3aef644581","kind":"commit","published_at":"2005-06-15T16:37:32.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-0.7","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.7/manifests"},{"name":"lxml-0.6","sha":"bd8d2806dd74093d91126776b9d4d7c4d6c8377c","kind":"commit","published_at":"2005-05-14T17:14:18.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-0.6","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.6/manifests"},{"name":"lxml-0.5.1","sha":"05970717a529f38fe4e9802e09eb768f43e2a0a5","kind":"commit","published_at":"2005-04-09T19:39:18.000Z","download_url":"https://codeload.github.com/lxml/lxml/tar.gz/lxml-0.5.1","html_url":"https://github.com/lxml/lxml/releases/tag/lxml-0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lxml%2Flxml/tags/lxml-0.5.1/manifests"}]},"repo_metadata_updated_at":"2025-06-03T00:29:20.541Z","dependent_packages_count":4127,"downloads":131415252,"downloads_period":"last-month","dependent_repos_count":115734,"rankings":{"downloads":0.013756243041633729,"dependent_repos_count":0.009170828694422485,"dependent_packages_count":0.00641958008609574,"stargazers_count":2.005843652044086,"forks_count":2.7809620932966745,"docker_downloads_count":0.006786413233872639,"average":0.8038231350661308},"purl":"pkg:pypi/lxml","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxNHYtZjVxNi1tanFx","url":"https://github.com/advisories/GHSA-jq4v-f5q6-mjqq","title":"lxml vulnerable to Cross-Site Scripting ","description":"An XSS vulnerability was discovered in the python `lxml` clean module versions before 4.6.3. When disabling `the safe_attrs_only` and `forms` arguments, the `Cleaner` class does not remove the `formaction` attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in `lxml` 4.6.3.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-03-22T16:53:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2021-28957","https://github.com/lxml/lxml/pull/316","https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270","https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d","https://bugs.launchpad.net/lxml/+bug/1888153","https://pypi.org/project/lxml","https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html","https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999","https://www.debian.org/security/2021/dsa-4880","https://www.oracle.com/security-alerts/cpuoct2021.html","https://security.gentoo.org/glsa/202208-06","https://github.com/advisories/GHSA-jq4v-f5q6-mjqq","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-19.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ","https://security.netapp.com/advisory/ntap-20210521-0004"],"source_kind":"github","identifiers":["GHSA-jq4v-f5q6-mjqq","CVE-2021-28957"],"repository_url":"https://github.com/lxml/lxml","blast_radius":26.836343106411725,"packages":[{"versions":[{"first_patched_version":"4.6.3","vulnerable_version_range":"\u003c 4.6.3"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2022-12-21T16:12:45.854Z","updated_at":"2024-09-30T16:54:23.000Z","epss_percentage":0.00533,"epss_percentile":0.66111},{"uuid":"GSA_kwCzR0hTQS13cnh2LTJqNXEtbTM4d84AAtHM","url":"https://github.com/advisories/GHSA-wrxv-2j5q-m38w","title":"lxml NULL Pointer Dereference allows attackers to cause a denial of service","description":"NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-07-06T00:00:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-2309","https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f","https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba","https://github.com/lxml/lxml/blob/master/CHANGES.txt","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml","https://security.gentoo.org/glsa/202208-06","https://github.com/advisories/GHSA-wrxv-2j5q-m38w","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO","https://security.netapp.com/advisory/ntap-20220915-0006"],"source_kind":"github","identifiers":["GHSA-wrxv-2j5q-m38w","CVE-2022-2309"],"repository_url":"https://github.com/lxml/lxml","blast_radius":34.93788064796998,"packages":[{"versions":[{"first_patched_version":"4.9.1","vulnerable_version_range":"\u003c 4.9.1"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2022-12-21T16:12:13.769Z","updated_at":"2024-09-30T20:19:36.000Z","epss_percentage":0.00513,"epss_percentile":0.65419},{"uuid":"GSA_kwCzR0hTQS14cDI2LXA1M2gtNmgycM309Q","url":"https://github.com/advisories/GHSA-xp26-p53h-6h2p","title":"Improper Neutralization of Input During Web Page Generation in LXML","description":"An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-13T01:13:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-19787","https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109","https://lists.debian.org/debian-lts-announce/2018/12/msg00001.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html","https://github.com/advisories/GHSA-xp26-p53h-6h2p","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2018-12.yaml","https://usn.ubuntu.com/3841-1","https://usn.ubuntu.com/3841-2"],"source_kind":"github","identifiers":["GHSA-xp26-p53h-6h2p","CVE-2018-19787"],"repository_url":"https://github.com/lxml/lxml","blast_radius":26.836343106411725,"packages":[{"versions":[{"first_patched_version":"4.2.5","vulnerable_version_range":"\u003c 4.2.5"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2022-12-21T16:12:16.473Z","updated_at":"2024-09-30T20:17:22.000Z","epss_percentage":0.00807,"epss_percentile":0.72987},{"uuid":"GSA_kwCzR0hTQS01N3F3LWNjMmctcHY1cM4AAX1M","url":"https://github.com/advisories/GHSA-57qw-cc2g-pv5p","title":"lxml Cross-site Scripting Via Control Characters","description":"Incomplete blacklist vulnerability in the `lxml.html.clean` module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the `clean_html` function.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T04:01:59.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2014-3146","http://advisories.mageia.org/MGASA-2014-0218.html","http://lists.opensuse.org/opensuse-updates/2014-05/msg00083.html","http://lxml.de/3.3/changes-3.3.5.html","http://seclists.org/fulldisclosure/2014/Apr/210","http://seclists.org/fulldisclosure/2014/Apr/319","http://www.debian.org/security/2014/dsa-2941","http://www.openwall.com/lists/oss-security/2014/05/09/7","http://www.ubuntu.com/usn/USN-2217-1","https://github.com/lxml/lxml/pull/273","https://github.com/lxml/lxml/commit/3f3082e0a67851cde26a48da3d1f4b75d8aa07ec","https://github.com/lxml/lxml/commit/86e81ab393ba14c1be71284675851a3bdce57d69","https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc","https://web.archive.org/web/20140724172044/http://secunia.com/advisories/58013","https://web.archive.org/web/20140805110535/http://secunia.com/advisories/59008","https://web.archive.org/web/20140806061046/http://secunia.com/advisories/58744","https://web.archive.org/web/20141017122607/https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html","https://web.archive.org/web/20150523055039/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:112/?name=MDVSA-2015:112","https://web.archive.org/web/20200228180542/http://www.securityfocus.com/bid/67159","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2014-9.yaml","https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html","https://github.com/advisories/GHSA-57qw-cc2g-pv5p"],"source_kind":"github","identifiers":["GHSA-57qw-cc2g-pv5p","CVE-2014-3146"],"repository_url":"https://github.com/lxml/lxml","blast_radius":26.836343106411725,"packages":[{"versions":[{"first_patched_version":"3.3.5","vulnerable_version_range":"\u003c 3.3.5"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2023-08-04T21:05:07.764Z","updated_at":"2024-09-30T17:03:33.000Z","epss_percentage":0.09494,"epss_percentile":0.92388},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd3cteGY0Ni1oOTJy","url":"https://github.com/advisories/GHSA-pgww-xf46-h92r","title":"lxml vulnerable to Cross-site Scripting","description":"A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-01-07T21:54:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-27783","https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7","https://bugzilla.redhat.com/show_bug.cgi?id=1901633","https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html","https://snyk.io/vuln/SNYK-PYTHON-LXML-1047473","https://www.debian.org/security/2020/dsa-4810","https://advisory.checkmarx.net/advisory/CX-2020-4286","https://www.oracle.com//security-alerts/cpujul2021.html","https://github.com/advisories/GHSA-pgww-xf46-h92r","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2020-62.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK","https://pypi.org/project/lxml","https://security.netapp.com/advisory/ntap-20210521-0003"],"source_kind":"github","identifiers":["GHSA-pgww-xf46-h92r","CVE-2020-27783"],"repository_url":"https://github.com/lxml/lxml","blast_radius":26.836343106411725,"packages":[{"versions":[{"first_patched_version":"4.6.2","vulnerable_version_range":"\u003c 4.6.2"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2022-12-21T16:13:12.234Z","updated_at":"2025-05-29T01:10:44.794Z","epss_percentage":0.01054,"epss_percentile":0.765},{"uuid":"GSA_kwCzR0hTQS01NXg1LWZqNmMtaDZtOM0a1g","url":"https://github.com/advisories/GHSA-55x5-fj6c-h6m8","title":"lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through","description":"### Impact\nThe HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs.\n\nUsers that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5.\n\n### Patches\nThe issue has been resolved in lxml 4.6.5.\n\n### Workarounds\nNone.\n\n### References\nThe issues are tracked under the report IDs GHSL-2021-1037 and GHSL-2021-1038.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-12-13T18:14:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N","references":["https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8","https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a","https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776","https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0","https://nvd.nist.gov/vuln/detail/CVE-2021-43818","https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html","https://www.debian.org/security/2022/dsa-5043","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://security.gentoo.org/glsa/202208-06","https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44","https://security.netapp.com/advisory/ntap-20220107-0005","https://github.com/advisories/GHSA-55x5-fj6c-h6m8"],"source_kind":"github","identifiers":["GHSA-55x5-fj6c-h6m8","CVE-2021-43818"],"repository_url":"https://github.com/lxml/lxml","blast_radius":31.899804069885636,"packages":[{"versions":[{"first_patched_version":"4.6.5","vulnerable_version_range":"\u003c 4.6.5"}],"ecosystem":"pypi","package_name":"lxml"}],"created_at":"2022-12-21T16:12:40.793Z","updated_at":"2024-09-30T16:50:30.000Z","epss_percentage":0.02863,"epss_percentile":0.85512}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/lxml","docker_dependents_count":6398,"docker_downloads_count":5072336033,"usage_url":"https://repos.ecosyste.ms/usage/pypi/lxml","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/lxml/dependencies","status":null,"funding_links":["https://github.com/sponsors/scoder","https://tidelift.com/funding/github/pypi/lxml"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/lxml/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/lxml/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/lxml/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/lxml/related_packages","maintainers":[{"uuid":"faassen","login":"faassen","name":null,"email":null,"url":null,"packages_count":403,"html_url":"https://pypi.org/user/faassen/","role":null,"created_at":"2022-12-13T22:07:40.446Z","updated_at":"2022-12-13T22:07:40.446Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/faassen/packages"},{"uuid":"scoder","login":"scoder","name":null,"email":null,"url":null,"packages_count":11,"html_url":"https://pypi.org/user/scoder/","role":null,"created_at":"2022-12-13T22:07:40.454Z","updated_at":"2022-12-13T22:07:40.454Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/scoder/packages"},{"uuid":"zope.wineggbuilder","login":"zope.wineggbuilder","name":null,"email":null,"url":null,"packages_count":3,"html_url":"https://pypi.org/user/zope.wineggbuilder/","role":null,"created_at":"2022-12-13T22:07:40.462Z","updated_at":"2022-12-13T22:07:40.462Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/zope.wineggbuilder/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690322,"maintainers_count":292759,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":1094,"unique_repositories_count_past_30_days":57,"recent_issues":[{"uuid":"4544368049","node_id":"PR_kwDOQbHgbc7gb0Ms","number":6,"state":"closed","title":"chore(deps): bump the pip group across 9 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:52:45.000Z","updated_at":"2026-05-28T22:52:54.000Z","time_to_close":7,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":18,"packages":[{"name":"authlib","old_version":"1.5.2","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"dulwich","old_version":"0.22.8","new_version":"1.2.5","repository_url":"https://github.com/dulwich/dulwich"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-openai","old_version":"0.3.11","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.3.19","new_version":"0.8.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"0.1.88","new_version":"2.0.0b2","repository_url":"https://github.com/mem0ai/mem0"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"poetry","old_version":"2.1.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"python-dotenv","old_version":"1.1.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pytorch-lightning","old_version":"2.5.1.post0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\n\nUpdates `authlib` from 1.5.2 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.5.2...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 0.22.8 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich 1.2.5\u003c/h2\u003e\n\u003cp\u003eThis is a security release. All users are encouraged to upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGHSA-gfhv-vqv2-4544\u003c/strong\u003e -- Validate submodule paths in \u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus \u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream repository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or any other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42305\u003c/strong\u003e -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects Windows path separators, the alternate data stream marker \u003ccode\u003e:\u003c/code\u003e, NTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e, and reserved Windows device names. \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every platform, and both \u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their correct option names. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42563\u003c/strong\u003e -- Shell-quote values substituted into \u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. A malicious branch could inject shell commands when a merge driver referencing \u003ccode\u003e%P\u003c/code\u003e was configured. (Reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-47712\u003c/strong\u003e -- Sanitize commit subjects used in \u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g. \u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ereceive.maxInputSize\u003c/strong\u003e -- Honour \u003ccode\u003ereceive.maxInputSize\u003c/code\u003e in \u003ccode\u003eReceivePackHandler\u003c/code\u003e. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge \u003ccode\u003edest_size\u003c/code\u003e and trigger hundreds of MB of allocation over \u003ccode\u003egit-receive-pack\u003c/code\u003e. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003edulwich-1.2.4\u003c/h2\u003e\n\u003cp\u003eTolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2192\"\u003e#2192\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0\u003c/h2\u003e\n\u003ch2\u003eNotable changes since 1.1.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam\u003c/code\u003e command and \u003ccode\u003eporcelain.am()\u003c/code\u003e for applying mailbox-style email patches (\u003ccode\u003egit am\u003c/code\u003e), with state persistence for \u003ccode\u003e--continue\u003c/code\u003e, \u003ccode\u003e--skip\u003c/code\u003e, \u003ccode\u003e--abort\u003c/code\u003e, and \u003ccode\u003e--quit\u003c/code\u003e recovery (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1692\"\u003e#1692\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply\u003c/code\u003e command and \u003ccode\u003eporcelain.apply_patch()\u003c/code\u003e for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and \u003ccode\u003e--3way\u003c/code\u003e merge fallback (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1784\"\u003e#1784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExpand \u003ccode\u003elog\u003c/code\u003e command options: \u003ccode\u003e--oneline\u003c/code\u003e, \u003ccode\u003e--abbrev-commit\u003c/code\u003e, \u003ccode\u003e--author\u003c/code\u003e, \u003ccode\u003e--committer\u003c/code\u003e, \u003ccode\u003e--grep\u003c/code\u003e, \u003ccode\u003e--since\u003c/code\u003e/\u003ccode\u003e--after\u003c/code\u003e, \u003ccode\u003e--until\u003c/code\u003e/\u003ccode\u003e--before\u003c/code\u003e, \u003ccode\u003e-n\u003c/code\u003e/\u003ccode\u003e--max-count\u003c/code\u003e, \u003ccode\u003e--no-merges\u003c/code\u003e, \u003ccode\u003e--merges\u003c/code\u003e, \u003ccode\u003e--stat\u003c/code\u003e, \u003ccode\u003e-p\u003c/code\u003e/\u003ccode\u003e--patch\u003c/code\u003e, \u003ccode\u003e--name-only\u003c/code\u003e, and \u003ccode\u003e--follow\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1779\"\u003e#1779\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for push options (\u003ccode\u003e-o\u003c/code\u003e/\u003ccode\u003e--push-option\u003c/code\u003e) in \u003ccode\u003epush\u003c/code\u003e, enabling AGit flow and other server-side push option workflows.\u003c/li\u003e\n\u003cli\u003eAdd missing push options: \u003ccode\u003e--all\u003c/code\u003e, \u003ccode\u003e--tags\u003c/code\u003e, \u003ccode\u003e--delete\u003c/code\u003e, \u003ccode\u003e--dry-run\u003c/code\u003e, \u003ccode\u003e--prune\u003c/code\u003e, \u003ccode\u003e--set-upstream\u003c/code\u003e, \u003ccode\u003e--follow-tags\u003c/code\u003e, and \u003ccode\u003e--mirror\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1844\"\u003e#1844\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for atomic push operations (\u003ccode\u003e--atomic\u003c/code\u003e): either all ref updates succeed or none are applied (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1781\"\u003e#1781\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eextensions.relativeworktrees\u003c/code\u003e repository extension, allowing worktrees to use relative paths (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2112\"\u003e#2112\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.5\t2026-05-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(GHSA-gfhv-vqv2-4544): Validate submodule paths in\n\u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus\n\u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream\nrepository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or\nany other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the\nsubmodule's tree contents to be written there with their executable\nbits intact -- dropping a hook that later commands would run. Submodule\npaths are now rejected if they are absolute or carry a component that\nthe configured path validator refuses, and the submodule's own tree is\nmaterialized with the same validator. This is the dulwich analogue of git's\nCVE-2024-32002 / CVE-2024-32004.\n(Jelmer Vernooij; reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-42305): Harden tree path validation against entry\nnames that are harmless on POSIX but dangerous when checked out on\nWindows. A crafted tree could previously carry such names through to\nthe work tree. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWindows path separators, so an entry named\n\u003ccode\u003e.git\\hooks\\pre-commit.exe\u003c/code\u003e can no longer materialize a file\ninside \u003ccode\u003e.git\u003c/code\u003e that Git for Windows would execute.\u003c/li\u003e\n\u003cli\u003eThe alternate data stream marker \u003ccode\u003e:\u003c/code\u003e (e.g.\n\u003ccode\u003e.git::$INDEX_ALLOCATION\u003c/code\u003e, which writes into \u003ccode\u003e.git\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003eNTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e (\u003ccode\u003egit~\u0026lt;digits\u0026gt;\u003c/code\u003e); only\n\u003ccode\u003egit~1\u003c/code\u003e was rejected before.\u003c/li\u003e\n\u003cli\u003eReserved Windows device names (\u003ccode\u003eCON\u003c/code\u003e, \u003ccode\u003ePRN\u003c/code\u003e, \u003ccode\u003eAUX\u003c/code\u003e, \u003ccode\u003eNUL\u003c/code\u003e,\n\u003ccode\u003eCOM1\u003c/code\u003e-\u003ccode\u003eCOM9\u003c/code\u003e, \u003ccode\u003eLPT1\u003c/code\u003e-\u003ccode\u003eLPT9\u003c/code\u003e), including with an extension or\ntrailing dots/spaces such as \u003ccode\u003eNUL.txt\u003c/code\u003e or \u003ccode\u003eCOM1 .bar\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every\nplatform (matching git after CVE-2019-1353), so a POSIX clone no longer\naccepts paths that would be unsafe on a later Windows clone, and both\n\u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their\ncorrect option names, having previously been silently ignored. POSIX\nusers who need literal NTFS-unsafe filenames can opt out with\n\u003ccode\u003ecore.protectNTFS=false\u003c/code\u003e.\n(Jelmer Vernooij; reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY (CVE-2026-42563): Shell-quote values substituted into\n\u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. \u003ccode\u003e%P\u003c/code\u003e is a path from the git\ntree, so a malicious branch could inject shell commands when the\nuser had a merge driver configured that referenced \u003ccode\u003e%P\u003c/code\u003e.\n(Jelmer Vernooij; reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-47712): Sanitize commit subjects used in\n\u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g.\n\u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e.\n\u003ccode\u003eget_summary\u003c/code\u003e now matches git's \u003ccode\u003eformat_sanitized_subject\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/073f4dfa9840af2da59887ed828b026b609faa6c\"\u003e\u003ccode\u003e073f4df\u003c/code\u003e\u003c/a\u003e Release 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/5f85d3e4b0d47dd7fbf37934f9a4b9b6b98bb467\"\u003e\u003ccode\u003e5f85d3e\u003c/code\u003e\u003c/a\u003e tests: fix Windows-only failures in NTFS and merge-driver tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/25313ad7f9d5036b03617dc3dfc284a586966dab\"\u003e\u003ccode\u003e25313ad\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421\"\u003e\u003ccode\u003e1ca1814\u003c/code\u003e\u003c/a\u003e submodule: Reject unsafe submodule paths in submodule_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/3559ef15c1e2a8d2a56c98f36b53b29c5d60b9fd\"\u003e\u003ccode\u003e3559ef1\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/f860ca489d63624ae6d7c7945fbbd19018b8125c\"\u003e\u003ccode\u003ef860ca4\u003c/code\u003e\u003c/a\u003e server: Honour receive.maxInputSize to bound received packs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0fd6e6bb61f8017b1af4b5fdbf7602ddbcf6d17e\"\u003e\u003ccode\u003e0fd6e6b\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0110b885a1ab5b2128473263a6ff5b7230732e49\"\u003e\u003ccode\u003e0110b88\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290\"\u003e\u003ccode\u003e49eb56e\u003c/code\u003e\u003c/a\u003e Add NEWS entry for CVE-2026-42305\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9\"\u003e\u003ccode\u003e57efc4a\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-0.22.8...dulwich-1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.3.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.3.11...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.3.19 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(js,py): JS 0.6.0, Py 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831\"\u003elangchain-ai/langsmith-sdk#2831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.6.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832\"\u003elangchain-ai/langsmith-sdk#2832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833\"\u003elangchain-ai/langsmith-sdk#2833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Qwen3-RailroadEngineer1959-RL/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FQwen3-RailroadEngineer1959-RL/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4543760423","node_id":"PR_kwDOSqs-LM7gZ0sS","number":5,"state":"open","title":"chore(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python:uv","dependabot-approved"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T20:56:21.000Z","updated_at":"2026-05-31T04:50:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/TechMatrix-labs/pythinker-code/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechMatrix-labs%2Fpythinker-code/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4539525071","node_id":"PR_kwDOSqM5uM7gL4Bz","number":6,"state":"closed","title":"[upd] pypi: Bump the minor group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T00:51:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T10:05:33.000Z","updated_at":"2026-05-30T00:51:31.000Z","time_to_close":139556,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"[upd] pypi: Bump","group_name":"minor","update_count":5,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"httpx-socks","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/romis2012/httpx-socks"},{"name":"typer","old_version":"0.25.1","new_version":"0.26.2","repository_url":"https://github.com/fastapi/typer"},{"name":"basedpyright","old_version":"1.39.4","new_version":"1.39.6","repository_url":"https://github.com/detachhead/basedpyright"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [httpx-socks](https://github.com/romis2012/httpx-socks) | `0.10.0` | `0.11.0` |\n| [typer](https://github.com/fastapi/typer) | `0.25.1` | `0.26.2` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.4` | `1.39.6` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httpx-socks` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/ae0df29274f3b7018ee30b982a878921667c6511\"\u003e\u003ccode\u003eae0df29\u003c/code\u003e\u003c/a\u003e Delete setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/4e372f0895438f8034dbc9cb2637dc4e121bd69f\"\u003e\u003ccode\u003e4e372f0\u003c/code\u003e\u003c/a\u003e Move project metadata to pyproject.toml, other fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/07bac473517a6265e490eb53abcbbe59b5794fd3\"\u003e\u003ccode\u003e07bac47\u003c/code\u003e\u003c/a\u003e Fix http2 issue (\u003ca href=\"https://redirect.github.com/romis2012/httpx-socks/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/romis2012/httpx-socks/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.25.1 to 0.26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1791\"\u003e#1791\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1788\"\u003e#1788\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1714\"\u003e#1714\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e➖ Vendor Click and streamline Typer's functionality and code base. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1774\"\u003e#1774\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eTyper no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.\u003c/li\u003e\n\u003cli\u003eThis simplifies the work done by both Click and Typer teams.\u003c/li\u003e\n\u003cli\u003eIt allows Typer to evolve independently, and enables several new planned features.\u003c/li\u003e\n\u003cli\u003eIt will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.\u003c/li\u003e\n\u003cli\u003eThis also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.\u003c/li\u003e\n\u003cli\u003eYou can read more about it in the docs for \u003ca href=\"https://typer.tiangolo.com/tutorial/click/\"\u003eVendored Click\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1778\"\u003e#1778\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update contributing docs, reference central docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1777\"\u003e#1777\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1775\"\u003e#1775\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update link syntax to minimal Markdown. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1623\"\u003e#1623\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify usage of admonitions. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1755\"\u003e#1755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📌 Pin max version of Click to \u003ccode\u003e\u0026gt;= 8.2.1, \u0026lt; 8.4\u003c/code\u003e temporarily to prevent incompatibilities. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1753\"\u003e#1753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eSuperseded by vendoring Click.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e👷 Configure Dependabot to group updates and update weekly. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1768\"\u003e#1768\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1780\"\u003e#1780\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1771\"\u003e#1771\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1772\"\u003e#1772\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix categorization of PR 1475 in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1769\"\u003e#1769\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Add Fish shell completion tests for colon options. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1475\"\u003e#1475\u003c/a\u003e by \u003ca href=\"https://github.com/Mohamed-Elwasila\"\u003e\u003ccode\u003e@​Mohamed-Elwasila\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Extend completion unit tests for zsh, powershell and pwsh. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1767\"\u003e#1767\u003c/a\u003e by \u003ca href=\"https://github.com/ADiTyaRaj8969\"\u003e\u003ccode\u003e@​ADiTyaRaj8969\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1746\"\u003e#1746\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Fix GitHub link in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1754\"\u003e#1754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Migrate to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1470\"\u003e#1470\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1741\"\u003e#1741\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Remove unnecessary Ruff rule. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1752\"\u003e#1752\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1705\"\u003e#1705\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.2 (2026-05-27)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1791\"\u003e#1791\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.1 (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1788\"\u003e#1788\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1714\"\u003e#1714\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0 (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e➖ Vendor Click and streamline Typer's functionality and code base. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1774\"\u003e#1774\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eTyper no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.\u003c/li\u003e\n\u003cli\u003eThis simplifies the work done by both Click and Typer teams.\u003c/li\u003e\n\u003cli\u003eIt allows Typer to evolve independently, and enables several new planned features.\u003c/li\u003e\n\u003cli\u003eIt will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.\u003c/li\u003e\n\u003cli\u003eThis also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.\u003c/li\u003e\n\u003cli\u003eYou can read more about it in the docs for \u003ca href=\"https://typer.tiangolo.com/tutorial/click/\"\u003eVendored Click\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1778\"\u003e#1778\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update contributing docs, reference central docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1777\"\u003e#1777\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1775\"\u003e#1775\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update link syntax to minimal Markdown. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1623\"\u003e#1623\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify usage of admonitions. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1755\"\u003e#1755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📌 Pin max version of Click to \u003ccode\u003e\u0026gt;= 8.2.1, \u0026lt; 8.4\u003c/code\u003e temporarily to prevent incompatibilities. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1753\"\u003e#1753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eSuperseded by vendoring Click.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e👷 Configure Dependabot to group updates and update weekly. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1768\"\u003e#1768\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1780\"\u003e#1780\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1771\"\u003e#1771\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1772\"\u003e#1772\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix categorization of PR 1475 in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1769\"\u003e#1769\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Add Fish shell completion tests for colon options. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1475\"\u003e#1475\u003c/a\u003e by \u003ca href=\"https://github.com/Mohamed-Elwasila\"\u003e\u003ccode\u003e@​Mohamed-Elwasila\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Extend completion unit tests for zsh, powershell and pwsh. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1767\"\u003e#1767\u003c/a\u003e by \u003ca href=\"https://github.com/ADiTyaRaj8969\"\u003e\u003ccode\u003e@​ADiTyaRaj8969\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1746\"\u003e#1746\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Fix GitHub link in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1754\"\u003e#1754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Migrate to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1470\"\u003e#1470\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/eef433fcf337734f51ac68a77a82748adfacaa85\"\u003e\u003ccode\u003eeef433f\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/23474b03bca44ace3c0f7459653b2433626de74e\"\u003e\u003ccode\u003e23474b0\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5568bab22f9de34dbcd25e02a566505a11349d35\"\u003e\u003ccode\u003e5568bab\u003c/code\u003e\u003c/a\u003e 🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/8c70d4987284a37ca6c418297af0210dc01ed5ac\"\u003e\u003ccode\u003e8c70d49\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.26.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/75ee9272b048a2843cd7acddb8f0cc39b8140e4a\"\u003e\u003ccode\u003e75ee927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/30288540dde2b68d820c450ea0452747be632a84\"\u003e\u003ccode\u003e3028854\u003c/code\u003e\u003c/a\u003e 🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1788\"\u003e#1788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959a356fec72cedcfd4ee3f84790789f8e961989\"\u003e\u003ccode\u003e959a356\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a79de202db26ae32d00674ba246b59864e2f89c1\"\u003e\u003ccode\u003ea79de20\u003c/code\u003e\u003c/a\u003e ⬆ Bump python-dotenv from 1.2.1 to 1.2.2 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/8f44149ca511ebd26fcaf36c4712e7d8a8004a4d\"\u003e\u003ccode\u003e8f44149\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/d88415fc1d20adcb73f44961f6ae8cff156df016\"\u003e\u003ccode\u003ed88415f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.25.1...0.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.39.4 to 1.39.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ad82d91ce241116737e65e660c5420dd0366f405\"\u003e\u003ccode\u003ead82d91\u003c/code\u003e\u003c/a\u003e 1.39.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/cf60738b8dbbcc89f02d097a2dfa6e91c540bd86\"\u003e\u003ccode\u003ecf60738\u003c/code\u003e\u003c/a\u003e fix vscode config for formatting markdown files now that we use two formatter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/29e303a1b0b5f401f21c28fe3ea7da4b9db09e35\"\u003e\u003ccode\u003e29e303a\u003c/code\u003e\u003c/a\u003e print stderr from npm commands when build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f133f3d6b9a4ef3cf2d53a929a053875e1effbe4\"\u003e\u003ccode\u003ef133f3d\u003c/code\u003e\u003c/a\u003e uncomment some test code which started causing a test to fail. no idea why i ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f71e96bfe63f0833f3d169cf0df9208a7734929f\"\u003e\u003ccode\u003ef71e96b\u003c/code\u003e\u003c/a\u003e remove python 3.9 check from \u003ccode\u003eTypeAlias4\u003c/code\u003e test because typeshed has dropped s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/e4c40b76f5cb70a44825aa65da7fdaa3f32b4f85\"\u003e\u003ccode\u003ee4c40b7\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d7c522bc2a8b105d206b5efce0d6dd4e2610b917\"\u003e\u003ccode\u003ed7c522b\u003c/code\u003e\u003c/a\u003e ruff ignore new \u003ccode\u003ebenchmarkData\u003c/code\u003e files from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a7cf33dce12ce64f8fb2fecf039c4422c232784a\"\u003e\u003ccode\u003ea7cf33d\u003c/code\u003e\u003c/a\u003e fix eslint in vscode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/14c96beec311ff57bb3ef416ac86f886648b1adb\"\u003e\u003ccode\u003e14c96be\u003c/code\u003e\u003c/a\u003e fix logic for reporting invalid \u003ccode\u003epythonPlatform\u003c/code\u003e detected by the new eslint v...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/280802ce1b2bdbaf78a880b94355ebf702241ca9\"\u003e\u003ccode\u003e280802c\u003c/code\u003e\u003c/a\u003e remove remnants of webpack\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.4...v1.39.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Amanzuu/Search-Engine-Project/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amanzuu%2FSearch-Engine-Project/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4528571642","node_id":"PR_kwDOC8BTjM7foTQH","number":20949,"state":"open","title":"build(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python","Changed"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T00:53:06.000Z","updated_at":"2026-05-27T03:14:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- CURSOR_SUMMARY --\u003e\n---\n\n\u003e [!NOTE]\n\u003e **Low Risk**\n\u003e Lockfile-only patch bump of an optional dev dependency with no production code changes; verify CI/dev installs still resolve correctly.\n\u003e \n\u003e **Overview**\n\u003e Bumps the optional **dev** dependency **`lxml`** from **6.1.0** to **6.1.1** by raising the floor in `pyproject.toml` (`\u003e=6.1.1`) and refreshing **`poetry.lock`** (package version, wheel artifact hashes, and lock `content-hash`).\n\u003e \n\u003e No application or test source changes—only dependency resolution. **`lxml`** remains tied to the `dev` extra and is used in-repo for JUnit XML parsing (`lxml.etree` in `chia/_tests/process_junit.py`), not runtime node/wallet code.\n\u003e \n\u003e \u003csup\u003eReviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 20feb6eaf2b40e6d6a554e9d40874d215c4b200b. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).\u003c/sup\u003e\n\u003c!-- /CURSOR_SUMMARY --\u003e","html_url":"https://github.com/Chia-Network/chia-blockchain/pull/20949","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chia-Network%2Fchia-blockchain/issues/20949","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20949/packages"},{"uuid":"4521014144","node_id":"PR_kwDOOCoWus7fPvj8","number":1,"state":"open","title":"Bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T03:09:58.000Z","updated_at":"2026-05-26T03:11:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":4,"packages":[{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"1.3.0","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"lxml","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the / directory: [idna](https://github.com/kjd/idna), [langchain-core](https://github.com/langchain-ai/langchain), [lxml](https://github.com/lxml/lxml) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.3.0 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.0...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.0 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.0...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/ollama-deep-researcher/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔄 This PR updates four Python dependencies (idna, langchain-core, lxml, urllib3) in the uv dependency group to their latest versions. The updates include important security fixes, particularly for lxml and urllib3, along with bug fixes and feature improvements across all packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **idna**: Updated from 3.10 to 3.15 with security fixes for CVE-2026-45409 and CVE-2026-45409, addressing quadratic time processing vulnerabilities\n- **langchain-core**: Updated from 1.3.0 to 1.3.3 with security hardening for `load()` function against untrusted manifests and improved tool handling\n- **lxml**: Updated from 6.0.0 to 6.1.0 fixing XXE vulnerability (CVE-2026-41066) in `iterparse()` and `ETCompatXMLParser`\n- **urllib3**: Updated from 2.6.3 to 2.7.0 addressing decompression-bomb bypass vulnerabilities and proxy header stripping issues\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Security Patches]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Bug Fixes]\n    C --\u003e F[idna: CVE fixes]\n    C --\u003e G[lxml: XXE protection]\n    C --\u003e H[urllib3: Decompression safeguards]\n    D --\u003e I[langchain-core: Tool improvements]\n    E --\u003e J[Various stability fixes]\n    F --\u003e K[Updated Dependencies]\n    G --\u003e K\n    H --\u003e K\n    I --\u003e K\n    J --\u003e K\n```\n\n### Impact\n- **Security Enhancement**: Critical vulnerabilities patched in idna, lxml, and urllib3 protecting against XXE attacks, quadratic time processing, and decompression bombs\n- **Stability Improvement**: Bug fixes across all packages improve reliability, particularly in HTTP response handling and XML parsing\n- **Feature Addition**: New capabilities like configurable chunk sizes in lxml and improved tool handling in langchain-core enhance functionality\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/ollama-deep-researcher/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Follama-deep-researcher/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4520297200","node_id":"PR_kwDOSnyNFs7fNaBQ","number":1,"state":"open","title":"deps(deps): update lxml requirement from \u003c7.0.0,\u003e=6.0.2 to \u003e=6.1.1,\u003c7.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:19:40.000Z","updated_at":"2026-05-26T00:19:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): update","packages":[{"name":"lxml","old_version":"\u003c7.0.0,\u003e=6.0.2","new_version":"\u003e=6.1.1,\u003c7.0.0","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/graham-a11y/Claude-seo/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/graham-a11y%2FClaude-seo/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4520006161","node_id":"PR_kwDOO9zzg87fMc_W","number":116,"state":"open","title":"chore(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T23:06:33.000Z","updated_at":"2026-05-25T23:06:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=uv\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Brain-Modulation-Lab/DBSAnnotator/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brain-Modulation-Lab%2FDBSAnnotator/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"},{"uuid":"4517355771","node_id":"PR_kwDOQvQ14c7fD58u","number":26,"state":"open","title":"deps(deps): update lxml requirement from \u003e=4.9.0 to \u003e=6.1.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T13:46:24.000Z","updated_at":"2026-05-25T13:46:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): update","packages":[{"name":"lxml","old_version":"\u003e=4.9.0","new_version":"\u003e=6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-4.9.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/acuhlmann/hackersbot/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuhlmann%2Fhackersbot/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"},{"uuid":"4514318366","node_id":"PR_kwDOERpozs7e6EfY","number":1059,"state":"open","title":"Deps: Bump the python-packages group with 27 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T04:41:50.000Z","updated_at":"2026-05-25T04:43:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":27,"packages":[{"name":"django","old_version":"4.2.30","new_version":"5.2.14","repository_url":"https://github.com/django/django"},{"name":"djangorestframework","old_version":"3.16.1","new_version":"3.17.1","repository_url":"https://github.com/encode/django-rest-framework"},{"name":"weasyprint","old_version":"66.0","new_version":"68.1","repository_url":"https://github.com/Kozea/WeasyPrint"},{"name":"pylint","old_version":"3.3.9","new_version":"4.0.5","repository_url":"https://github.com/pylint-dev/pylint"},{"name":"pytest","old_version":"8.4.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-django","old_version":"4.11.1","new_version":"4.12.0","repository_url":"https://github.com/pytest-dev/pytest-django"},{"name":"pytest-env","old_version":"1.1.5","new_version":"1.6.0","repository_url":"https://github.com/pytest-dev/pytest-env"},{"name":"pontos","old_version":"26.2.0","new_version":"26.5.0","repository_url":"https://github.com/greenbone/pontos"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"astroid","old_version":"3.3.11","new_version":"4.0.4","repository_url":"https://github.com/pylint-dev/astroid"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"coverage","old_version":"7.10.7","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"cssselect2","old_version":"0.8.0","new_version":"0.9.0","repository_url":"https://github.com/Kozea/cssselect2"},{"name":"fonttools","old_version":"4.60.2","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"iniconfig","old_version":"2.1.0","new_version":"2.3.0","repository_url":"https://github.com/pytest-dev/iniconfig"},{"name":"isort","old_version":"6.1.0","new_version":"8.0.1","repository_url":"https://github.com/PyCQA/isort"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"markdown-it-py","old_version":"3.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"platformdirs","old_version":"4.4.0","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pycparser","old_version":"2.23","new_version":"3.0","repository_url":"https://github.com/eliben/pycparser"},{"name":"pydyf","old_version":"0.11.0","new_version":"0.12.1","repository_url":"https://github.com/CourtBouillon/pydyf"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"tinycss2","old_version":"1.4.0","new_version":"1.5.1","repository_url":"https://github.com/Kozea/tinycss2"},{"name":"tinyhtml5","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/CourtBouillon/tinyhtml5"},{"name":"zopfli","old_version":"0.2.3.post1","new_version":"0.4.1","repository_url":"https://github.com/fonttools/py-zopfli"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 27 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [django](https://github.com/django/django) | `4.2.30` | `5.2.14` |\n| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.1` | `3.17.1` |\n| [weasyprint](https://github.com/Kozea/WeasyPrint) | `66.0` | `68.1` |\n| [pylint](https://github.com/pylint-dev/pylint) | `3.3.9` | `4.0.5` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.4.2` | `9.0.3` |\n| [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.11.1` | `4.12.0` |\n| [pytest-env](https://github.com/pytest-dev/pytest-env) | `1.1.5` | `1.6.0` |\n| [pontos](https://github.com/greenbone/pontos) | `26.2.0` | `26.5.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [astroid](https://github.com/pylint-dev/astroid) | `3.3.11` | `4.0.4` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.14.0` |\n| [cssselect2](https://github.com/Kozea/cssselect2) | `0.8.0` | `0.9.0` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.60.2` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [iniconfig](https://github.com/pytest-dev/iniconfig) | `2.1.0` | `2.3.0` |\n| [isort](https://github.com/PyCQA/isort) | `6.1.0` | `8.0.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `3.0.0` | `4.2.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.4.0` | `4.9.6` |\n| [pycparser](https://github.com/eliben/pycparser) | `2.23` | `3.0` |\n| [pydyf](https://github.com/CourtBouillon/pydyf) | `0.11.0` | `0.12.1` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [tinycss2](https://github.com/Kozea/tinycss2) | `1.4.0` | `1.5.1` |\n| [tinyhtml5](https://github.com/CourtBouillon/tinyhtml5) | `2.0.0` | `2.1.0` |\n| [zopfli](https://github.com/fonttools/py-zopfli) | `0.2.3.post1` | `0.4.1` |\n\nUpdates `django` from 4.2.30 to 5.2.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/024c26b1e77ea5b1b158265167ade47927a64c06\"\u003e\u003ccode\u003e024c26b\u003c/code\u003e\u003c/a\u003e [5.2.x] Bumped version for 5.2.14 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/2115d4eaee15107f5cd290d7cfcc5ffe3ad43661\"\u003e\u003ccode\u003e2115d4e\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/47cf968c125e3fab317e10fe150ec479e745f995\"\u003e\u003ccode\u003e47cf968\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/2ec27eda3ba6c14f0856e6e3eb1df07c41fd95e6\"\u003e\u003ccode\u003e2ec27ed\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ed18840c8cd1be81fdb3955cbfc9459989d6df68\"\u003e\u003ccode\u003eed18840\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/de3f622b7fa72aee68650f15263f2788b626680a\"\u003e\u003ccode\u003ede3f622\u003c/code\u003e\u003c/a\u003e [5.2.x] Added stub release notes and release date for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/fb61c8a6e902abc885048a1a78592a4bd4329f87\"\u003e\u003ccode\u003efb61c8a\u003c/code\u003e\u003c/a\u003e [5.2.x] Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/bd1a7583061a96059ea560eb7b59bebce4240778\"\u003e\u003ccode\u003ebd1a758\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed two issues in release helper scripts/verify_release.sh.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/da57aaad76e674fdb01b741974acf229d3ac4132\"\u003e\u003ccode\u003eda57aaa\u003c/code\u003e\u003c/a\u003e [5.2.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/c9a8bdbc4839a442b1a0453bd8ed38def4776139\"\u003e\u003ccode\u003ec9a8bdb\u003c/code\u003e\u003c/a\u003e [5.2.x] Post-release version bump.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/4.2.30...5.2.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `djangorestframework` from 3.16.1 to 3.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/django-rest-framework/releases\"\u003edjangorestframework's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9928\"\u003eencode/django-rest-framework#9928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\"\u003ehttps://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 by \u003ca href=\"https://github.com/auvipy\"\u003e\u003ccode\u003e@​auvipy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9781\"\u003eencode/django-rest-framework#9781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop deprecated coreapi support by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9895\"\u003eencode/django-rest-framework#9895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to specify output format for \u003ccode\u003eDurationField\u003c/code\u003e by \u003ca href=\"https://github.com/sevdog\"\u003e\u003ccode\u003e@​sevdog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/8532\"\u003eencode/django-rest-framework#8532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing decorators: \u003ccode\u003e@versioning_class()\u003c/code\u003e, \u003ccode\u003e@content_negotiation_class()\u003c/code\u003e, \u003ccode\u003e@metadata_class()\u003c/code\u003e for function-based views by \u003ca href=\"https://github.com/qqii\"\u003e\u003ccode\u003e@​qqii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9719\"\u003eencode/django-rest-framework#9719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9780\"\u003eencode/django-rest-framework#9780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eviolation_error_code\u003c/code\u003e and \u003ccode\u003eviolation_error_message\u003c/code\u003e from \u003ccode\u003eUniqueConstraint\u003c/code\u003e in \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e by \u003ca href=\"https://github.com/s-aleshin\"\u003e\u003ccode\u003e@​s-aleshin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9766\"\u003eencode/django-rest-framework#9766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eipaddress\u003c/code\u003e objects in \u003ccode\u003eJSONEncoder\u003c/code\u003e by \u003ca href=\"https://github.com/corenting\"\u003e\u003ccode\u003e@​corenting\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9087\"\u003eencode/django-rest-framework#9087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional support to serialize \u003ccode\u003eBigInteger\u003c/code\u003e to string by \u003ca href=\"https://github.com/HoodyH\"\u003e\u003ccode\u003e@​HoodyH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9775\"\u003eencode/django-rest-framework#9775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Django 6.0 support by \u003ca href=\"https://github.com/MehrazRumman\"\u003e\u003ccode\u003e@​MehrazRumman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9819\"\u003eencode/django-rest-framework#9819\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent small risk of \u003ccode\u003eToken\u003c/code\u003e overwrite by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9754\"\u003eencode/django-rest-framework#9754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e validation when condition references a read-only field by \u003ca href=\"https://github.com/ticosax\"\u003e\u003ccode\u003e@​ticosax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9764\"\u003eencode/django-rest-framework#9764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix validation on many to many field when \u003ccode\u003edefault=None\u003c/code\u003e by \u003ca href=\"https://github.com/Genarito\"\u003e\u003ccode\u003e@​Genarito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9790\"\u003eencode/django-rest-framework#9790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid SPDX license expression in \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/TheFunctionalGuy\"\u003e\u003ccode\u003e@​TheFunctionalGuy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9799\"\u003eencode/django-rest-framework#9799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e to ensure a valid \u003ccode\u003edatetime-local\u003c/code\u003e format by \u003ca href=\"https://github.com/mgaligniana\"\u003e\u003ccode\u003e@​mgaligniana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9365\"\u003eencode/django-rest-framework#9365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mutable default arguments in OrderingFilter methods by \u003ca href=\"https://github.com/killerdevildog\"\u003e\u003ccode\u003e@​killerdevildog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9742\"\u003eencode/django-rest-framework#9742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate TokenAdmin to respect USERNAME_FIELD of the user model by \u003ca href=\"https://github.com/m000\"\u003e\u003ccode\u003e@​m000\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9836\"\u003eencode/django-rest-framework#9836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve ordering in \u003ccode\u003eMultipleChoiceField\u003c/code\u003e by \u003ca href=\"https://github.com/fbozhang\"\u003e\u003ccode\u003e@​fbozhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9735\"\u003eencode/django-rest-framework#9735\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate French translation by \u003ca href=\"https://github.com/SebCorbin\"\u003e\u003ccode\u003e@​SebCorbin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9770\"\u003eencode/django-rest-framework#9770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Brazilian Portuguese translations by \u003ca href=\"https://github.com/JVPinheiroReis\"\u003e\u003ccode\u003e@​JVPinheiroReis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9828\"\u003eencode/django-rest-framework#9828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and improve French translations by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9896\"\u003eencode/django-rest-framework#9896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing Russian translation by \u003ca href=\"https://github.com/minorytanaka\"\u003e\u003ccode\u003e@​minorytanaka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9903\"\u003eencode/django-rest-framework#9903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate packaging to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9056\"\u003eencode/django-rest-framework#9056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove package data rules from \u003ccode\u003eMANIFEST.in\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9825\"\u003eencode/django-rest-framework#9825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet up release workflow with trusted publisher by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9852\"\u003eencode/django-rest-framework#9852\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor token generation to use the \u003ccode\u003esecrets\u003c/code\u003e module by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9760\"\u003eencode/django-rest-framework#9760\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd validation for decorator out-of-order with \u003ccode\u003e@api_view\u003c/code\u003e by \u003ca href=\"https://github.com/kernelshard\"\u003e\u003ccode\u003e@​kernelshard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9821\"\u003eencode/django-rest-framework#9821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to mkdocs material theme for documentation by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9849\"\u003eencode/django-rest-framework#9849\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khaledsukkar2\"\u003e\u003ccode\u003e@​khaledsukkar2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9717\"\u003eencode/django-rest-framework#9717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/22e231cf2f77b4cfe929de875d958b93916b1a8b\"\u003e\u003ccode\u003e22e231c\u003c/code\u003e\u003c/a\u003e Prepare bug fix release 3.17.1 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9931\"\u003e#9931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/8e99b53db7b122417580ec2993ac6776b4d858d5\"\u003e\u003ccode\u003e8e99b53\u003c/code\u003e\u003c/a\u003e Add condition to skip pushed tags from forks (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9924\"\u003e#9924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c0407dee6ef8a5603c2d5d34373d724be7b98188\"\u003e\u003ccode\u003ec0407de\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9928\"\u003e#9928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/30d58a75eeef7097f97cdc9f171d2ec741b36d30\"\u003e\u003ccode\u003e30d58a7\u003c/code\u003e\u003c/a\u003e Fix the book sizing in the documentation (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9926\"\u003e#9926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/6f03b79c057c470524b12e9ac46bc2bb384570e0\"\u003e\u003ccode\u003e6f03b79\u003c/code\u003e\u003c/a\u003e Tweak order of changes in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/021ab5664b085594876032cf062c1220bc1ca03c\"\u003e\u003ccode\u003e021ab56\u003c/code\u003e\u003c/a\u003e Bump version and update release notes for 3.17.0 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9921\"\u003e#9921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/19ebad70ae560e3f83c0e30af6be7c7df3b5aeec\"\u003e\u003ccode\u003e19ebad7\u003c/code\u003e\u003c/a\u003e Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9923\"\u003e#9923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/f222c55d8a498c9770f2795c6cd34fedffaf043c\"\u003e\u003ccode\u003ef222c55\u003c/code\u003e\u003c/a\u003e Correct requires-python key in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/7e7de6fceee3ad2e20b0dd93b119b6b00eadd797\"\u003e\u003ccode\u003e7e7de6f\u003c/code\u003e\u003c/a\u003e Remove code fences from release checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c599d309490fe59ae385954ad544a64b58abffd2\"\u003e\u003ccode\u003ec599d30\u003c/code\u003e\u003c/a\u003e Update release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.16.1...3.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `weasyprint` from 66.0 to 68.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/WeasyPrint/releases\"\u003eweasyprint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev68.1\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2662\"\u003e#2662\u003c/a\u003e: Don’t crash when SVG clip paths are not in defs tags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2665\"\u003e#2665\u003c/a\u003e: Fix position of box bounding box\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2663\"\u003e#2663\u003c/a\u003e: Fix transparency with Acrobat and Edge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2666\"\u003e#2666\u003c/a\u003e: Don’t rely on random default font to define test page size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2670\"\u003e#2670\u003c/a\u003e: Fix pattern detection of URL schemes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/pull/2671\"\u003e#2671\u003c/a\u003e: Improve API compatibility between URLFetcherResponse and addinfourl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2672\"\u003e#2672\u003c/a\u003e: Fix charset for old URL fetcher requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/pull/2675\"\u003e#2675\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2673\"\u003e#2673\u003c/a\u003e: Fix calc for many properties\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGuillaume Ayoub\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBackers and sponsors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpacinov\u003c/li\u003e\n\u003cli\u003eSyslifters\u003c/li\u003e\n\u003cli\u003eKobalt\u003c/li\u003e\n\u003cli\u003eSimon Sapin\u003c/li\u003e\n\u003cli\u003eGrip Angebotssoftware\u003c/li\u003e\n\u003cli\u003eManuel Barkhau\u003c/li\u003e\n\u003cli\u003eSimonsoft\u003c/li\u003e\n\u003cli\u003eKontextWork\u003c/li\u003e\n\u003cli\u003eMenutech\u003c/li\u003e\n\u003cli\u003eTrainingSparkle\u003c/li\u003e\n\u003cli\u003eHealthchecks.io\u003c/li\u003e\n\u003cli\u003eMethod B\u003c/li\u003e\n\u003cli\u003eFieldHub\u003c/li\u003e\n\u003cli\u003eHammerbacher\u003c/li\u003e\n\u003cli\u003eYanal-Yves Fargialla\u003c/li\u003e\n\u003cli\u003eMorntag\u003c/li\u003e\n\u003cli\u003ePiloterr\u003c/li\u003e\n\u003cli\u003eXavid\u003c/li\u003e\n\u003cli\u003eCharlie S.\u003c/li\u003e\n\u003cli\u003eProthesis Dental Solutions\u003c/li\u003e\n\u003cli\u003eKai DeLorenzo\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev68.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a security update (CVE-2025-68616).\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eWe strongly recommend to upgrade WeasyPrint to the latest version if you use the \u003ccode\u003edefault_url_fetcher\u003c/code\u003e function in your custom URL fetcher, or if you use the \u003ccode\u003eallowed_protocols\u003c/code\u003e parameter of the \u003ccode\u003edefault_url_fetcher\u003c/code\u003e function.\u003c/p\u003e\n\u003cp\u003eRead about this release \u003ca href=\"https://www.courtbouillon.org/blog/00061-weasyprint-68/\"\u003eon our blog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/WeasyPrint/blob/main/docs/changelog.rst\"\u003eweasyprint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 68.1\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-06.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#2662](https://github.com/Kozea/WeasyPrint/issues/2662) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2662\u0026gt;\u003c/code\u003e_:\nDon’t crash when SVG clip paths are not in defs tags\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2665](https://github.com/Kozea/WeasyPrint/issues/2665) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2665\u0026gt;\u003c/code\u003e_:\nFix position of box bounding box\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2663](https://github.com/Kozea/WeasyPrint/issues/2663) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2663\u0026gt;\u003c/code\u003e_:\nFix transparency with Acrobat and Edge\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2666](https://github.com/Kozea/WeasyPrint/issues/2666) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2666\u0026gt;\u003c/code\u003e_:\nDon’t rely on random default font to define test page size\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2670](https://github.com/Kozea/WeasyPrint/issues/2670) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2670\u0026gt;\u003c/code\u003e_:\nFix pattern detection of URL schemes\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2671](https://github.com/Kozea/WeasyPrint/issues/2671) \u0026lt;https://github.com/Kozea/WeasyPrint/pull/2671\u0026gt;\u003c/code\u003e_:\nImprove API compatibility between URLFetcherResponse and addinfourl\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2672](https://github.com/Kozea/WeasyPrint/issues/2672) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2672\u0026gt;\u003c/code\u003e_:\nFix charset for old URL fetcher requests\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2675](https://github.com/Kozea/WeasyPrint/issues/2675) \u0026lt;https://github.com/Kozea/WeasyPrint/pull/2675\u0026gt;\u003c/code\u003e\u003cem\u003e,\n\u003ccode\u003e[#2673](https://github.com/Kozea/WeasyPrint/issues/2673) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2673\u0026gt;\u003c/code\u003e\u003c/em\u003e:\nFix calc for many properties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eContributors:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGuillaume Ayoub\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBackers and sponsors:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSpacinov\u003c/li\u003e\n\u003cli\u003eSyslifters\u003c/li\u003e\n\u003cli\u003eKobalt\u003c/li\u003e\n\u003cli\u003eSimon Sapin\u003c/li\u003e\n\u003cli\u003eGrip Angebotssoftware\u003c/li\u003e\n\u003cli\u003eManuel Barkhau\u003c/li\u003e\n\u003cli\u003eSimonsoft\u003c/li\u003e\n\u003cli\u003eKontextWork\u003c/li\u003e\n\u003cli\u003eMenutech\u003c/li\u003e\n\u003cli\u003eTrainingSparkle\u003c/li\u003e\n\u003cli\u003eHealthchecks.io\u003c/li\u003e\n\u003cli\u003eMethod B\u003c/li\u003e\n\u003cli\u003eFieldHub\u003c/li\u003e\n\u003cli\u003eHammerbacher\u003c/li\u003e\n\u003cli\u003eYanal-Yves Fargialla\u003c/li\u003e\n\u003cli\u003eMorntag\u003c/li\u003e\n\u003cli\u003ePiloterr\u003c/li\u003e\n\u003cli\u003eXavid\u003c/li\u003e\n\u003cli\u003eCharlie S.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/88d466df43b205c6abbc385e2832cbe6c77aeddc\"\u003e\u003ccode\u003e88d466d\u003c/code\u003e\u003c/a\u003e Version 68.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/d5dab6e9f173826208082f24546977927d9c3c0c\"\u003e\u003ccode\u003ed5dab6e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2675\"\u003e#2675\u003c/a\u003e from Kozea/fix-calc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/e752cb3fde54d13cdc5eb4a7fdb80fd172a3c28b\"\u003e\u003ccode\u003ee752cb3\u003c/code\u003e\u003c/a\u003e Allow calc for more properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/66928cec7a2b000c706b5699518adbcedeff6e71\"\u003e\u003ccode\u003e66928ce\u003c/code\u003e\u003c/a\u003e Allow calc for preferred content width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/c155e217b8ff1624f536113ab54622effece3ad8\"\u003e\u003ccode\u003ec155e21\u003c/code\u003e\u003c/a\u003e Allow calc for text-underline-offset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/9f5ca24e816a250b3c35cc5dda4b871cbc8d829a\"\u003e\u003ccode\u003e9f5ca24\u003c/code\u003e\u003c/a\u003e Allow calc for text-decoration-thickness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/b2acd6d5eb7fc00920a883169b62ad13394e1f38\"\u003e\u003ccode\u003eb2acd6d\u003c/code\u003e\u003c/a\u003e Allow calc for hyphenate-limit-zone\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/321bcf696acb710115a467d04fc0b5f640faf627\"\u003e\u003ccode\u003e321bcf6\u003c/code\u003e\u003c/a\u003e Simplify, test and fix wrong calc() values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/38d3f53154a2c3c3d7b29dd11e01ed21f61fc2ab\"\u003e\u003ccode\u003e38d3f53\u003c/code\u003e\u003c/a\u003e Fix and test calc() function for table width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/4dfd05f13dfeadf36d44e8f72ee3f2df0b4c6945\"\u003e\u003ccode\u003e4dfd05f\u003c/code\u003e\u003c/a\u003e Don’t iterate over all lines when trying to report footnotes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kozea/WeasyPrint/compare/v66.0...v68.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pylint` from 3.3.9 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/88e1ab7545a4af4aea15c305a154c164a95ab842\"\u003e\u003ccode\u003e88e1ab7\u003c/code\u003e\u003c/a\u003e Bump pylint to 4.0.5, update changelog (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10860\"\u003e#10860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/d96d489a1743d32b6bfa53fc0f69a4333209a146\"\u003e\u003ccode\u003ed96d489\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Relax isort version constraint to allow isort 8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/0b08ccb014c265700f244a885bdcbdfa3a03de46\"\u003e\u003ccode\u003e0b08ccb\u003c/code\u003e\u003c/a\u003e Fix dynamic color mapping for \u0026quot;fail-on\u0026quot; messages when using multiple reporter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/154dba43276e8232a2e1cb8f90bfcc63886f3460\"\u003e\u003ccode\u003e154dba4\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix FP for \u003ccode\u003einvalid-name\u003c/code\u003e with \u003ccode\u003etyping.Final\u003c/code\u003e on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/7b73bfdedf275935b9c5b43a6aeda5cc648b4847\"\u003e\u003ccode\u003e7b73bfd\u003c/code\u003e\u003c/a\u003e Disable unspecified-encoding for py-version above Python 3.15 (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10800\"\u003e#10800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/4cc98be8b7786dbc6692493fe9cedb8585af5518\"\u003e\u003ccode\u003e4cc98be\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix setting options for import order checker (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/f0d30a27b510d69f846e3aaa0054cf0a1412923c\"\u003e\u003ccode\u003ef0d30a2\u003c/code\u003e\u003c/a\u003e Sync astroid version with requirements file again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/38bdf024648724e6aea017e62d3b57cb44097ec3\"\u003e\u003ccode\u003e38bdf02\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix \u003ccode\u003elogging-unsupported-format\u003c/code\u003e when logging ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/f08c33ae3e691eed868e49c0d15270dc6e6a0d6c\"\u003e\u003ccode\u003ef08c33a\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Properly detect \u003ccode\u003eself.fail()\u003c/code\u003e as a terminating...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/e16f942166511d6fb4427e503a734152fae0c4fe\"\u003e\u003ccode\u003ee16f942\u003c/code\u003e\u003c/a\u003e Bump pylint to 4.0.4, update changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pylint-dev/pylint/compare/v3.3.9...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.4.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.4.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-django` from 4.11.1 to 4.12.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst\"\u003epytest-django's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.0 (2026-02-14)\u003c/h2\u003e\n\u003cp\u003eCompatibility\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOfficial Python 3.14 support.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.9, minimum version is now Python 3.10.\u003c/li\u003e\n\u003cli\u003eOfficial Django 6.0 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements\n^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe :ref:\u003ccode\u003emultiple databases \u0026lt;multi-db\u0026gt;\u003c/code\u003e support added in v4.3.0 is no longer considered experimental.\u003c/li\u003e\n\u003cli\u003eAdded :func:\u003ccode\u003e@pytest.mark.django_isolate_apps \u0026lt;pytest.mark.django_isolate_apps\u0026gt;\u003c/code\u003e\nfor isolating Django's app registry in pytest tests, and a\n:fixture:\u003ccode\u003edjango_isolated_apps\u003c/code\u003e fixture to access the isolated Apps registry instance if needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/a2a94956cc24bb30030510710f0f27e61efb0cf0\"\u003e\u003ccode\u003ea2a9495\u003c/code\u003e\u003c/a\u003e Release 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/020bc237ac7be78ab3a2780d07637f77166a6263\"\u003e\u003ccode\u003e020bc23\u003c/code\u003e\u003c/a\u003e tests: make sure access to default can also be blocked\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/bcefbe832468f764b0f2665548aae8a9f75820a7\"\u003e\u003ccode\u003ebcefbe8\u003c/code\u003e\u003c/a\u003e Add support for isolating apps in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/39c8dcc249d5c103d29d170a5ad63a2fe7067049\"\u003e\u003ccode\u003e39c8dcc\u003c/code\u003e\u003c/a\u003e plugin: add a note why we reorder tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/1830acd6193ad6d851131c9ed805c003c10ce27a\"\u003e\u003ccode\u003e1830acd\u003c/code\u003e\u003c/a\u003e pyproject.toml: require pytest 9 for self tests, switch to native toml config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/f19da084b9b8b131c5ae178f1a8a907ec6e3567b\"\u003e\u003ccode\u003ef19da08\u003c/code\u003e\u003c/a\u003e Fix the order of the test cases that use the live_server fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/92858eed573ce1786d0f67d242426c7f8f75dd7b\"\u003e\u003ccode\u003e92858ee\u003c/code\u003e\u003c/a\u003e docs: add pytest 9.0+ native TOML configuration format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/3f550d93947acda430c27be578b7619c25abddc8\"\u003e\u003ccode\u003e3f550d9\u003c/code\u003e\u003c/a\u003e build(deps): bump hynek/build-and-inspect-python-package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/1f50dd29b8778e645ca7a88a285b30a9c788afc4\"\u003e\u003ccode\u003e1f50dd2\u003c/code\u003e\u003c/a\u003e Drop obsolete traces of Django 5.0 in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/247ec1c365da3d25f230dde22b7a0e1805749d09\"\u003e\u003ccode\u003e247ec1c\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ePytestCollectionWarning\u003c/code\u003e for \u003ccode\u003eTestRunner\u003c/code\u003e class (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-django/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-django/compare/v4.11.1...v4.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-env` from 1.1.5 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-env/releases\"\u003epytest-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(env): preserve existing env values by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/213\"\u003epytest-dev/pytest-env#213\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.5.1...1.6.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.5.1...1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to workflows by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/203\"\u003epytest-dev/pytest-env#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SECURITY.md to .github/ by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/206\"\u003epytest-dev/pytest-env#206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing .github config files by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/207\"\u003epytest-dev/pytest-env#207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/208\"\u003epytest-dev/pytest-env#208\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix verbose source attribution when falling back to INI env by \u003ca href=\"https://github.com/shuofengzhang\"\u003e\u003ccode\u003e@​shuofengzhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/211\"\u003epytest-dev/pytest-env#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shuofengzhang\"\u003e\u003ccode\u003e@​shuofengzhang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/211\"\u003epytest-dev/pytest-env#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.5.0...1.5.1\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.5.0...1.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(plugin): add --pytest-env-verbose for debugging env assignments by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/199\"\u003epytest-dev/pytest-env#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.4.0...1.5.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.4.0...1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(cli): add --envfile option for runtime environment switching by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/197\"\u003epytest-dev/pytest-env#197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.3.2...1.4.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.3.2...1.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.3.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 build(type): migrate from mypy to ty by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/192\"\u003epytest-dev/pytest-env#192\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/8bd22d1b9d9d7594c408040610868743ca3d5a9b\"\u003e\u003ccode\u003e8bd22d1\u003c/code\u003e\u003c/a\u003e ✨ feat(env): preserve existing env values (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/81f9e0e19d17169f03d9c078818421f34c45a67d\"\u003e\u003ccode\u003e81f9e0e\u003c/code\u003e\u003c/a\u003e Fix verbose source attribution when falling back to INI env (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/211\"\u003e#211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/81dc95d54f09ebb9b6e5f704b86a4bb60552b08b\"\u003e\u003ccode\u003e81dc95d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/439cc76fecbfbb95b6d3123a32bbc8030a9f95c0\"\u003e\u003ccode\u003e439cc76\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/b1b498e28cb76863a6e88c713a9bb09cdfbb0857\"\u003e\u003ccode\u003eb1b498e\u003c/code\u003e\u003c/a\u003e Standardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/066dadc7b4f8a40818e2c19c6bbd7281671eb081\"\u003e\u003ccode\u003e066dadc\u003c/code\u003e\u003c/a\u003e Add missing .github config files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/7d01327e395f0080dd6256c0cf30f2a8693c3c32\"\u003e\u003ccode\u003e7d01327\u003c/code\u003e\u003c/a\u003e Add SECURITY.md to .github/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/04259c91dfbd4b77a053bcad5fd63d5d7d78ae5d\"\u003e\u003ccode\u003e04259c9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/4fdb9d8d6defe6fc40069455ec672fa3f1bef51f\"\u003e\u003ccode\u003e4fdb9d8\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/204\"\u003e#204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/672e44f059e03870caf87054aa7426411a8a9658\"\u003e\u003ccode\u003e672e44f\u003c/code\u003e\u003c/a\u003e Add permissions to workflows (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.1.5...1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pontos` from 26.2.0 to 26.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/pontos/releases\"\u003epontos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epontos 26.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.3..26.5.0\"\u003e26.5.0\u003c/a\u003e - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:construction_worker: Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRename \u0026quot;Status Change\u0026quot; to \u0026quot;CVE Status Change\u0026quot; by \u003ca href=\"https://github.com/n-thumann\"\u003e\u003ccode\u003e@​n-thumann\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1220\"\u003e#1220\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:ship: Dependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump urllib3 from 2.6.3 to 2.7.0 by \u003ca href=\"https://github.com/dependabot%5Bbot%5D\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1217\"\u003e#1217\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.2..26.4.3\"\u003e26.4.3\u003c/a\u003e - 2026-04-29\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:sparkles: Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE Change event name \u0026quot;Data Remediation\u0026quot; by \u003ca href=\"https://github.com/n-thumann\"\u003e\u003ccode\u003e@​n-thumann\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1214\"\u003e#1214\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.1..26.4.2\"\u003e26.4.2\u003c/a\u003e - 2026-04-27\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:sparkles: Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTwo test cases for XML files by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1211\"\u003e#1211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:construction_worker: Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove XML declarations from templates by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/9e2d78c64bcd5ffc4fb793d3770bdb409cf56b1e\"\u003e9e2d78c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent duplication and adding of XML declarations by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/ee996b5771ddb3e0183b00ad34ffda45988d6dbc\"\u003eee996b5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:wrench: Miscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse git-cliff for release changelog generation by \u003ca href=\"https://github.com/bjoernricks\"\u003e\u003ccode\u003e@​bjoernricks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/af9e7f10db1b8cab9912e0c0827380feab952194\"\u003eaf9e7f1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the conventional commits workflow by \u003ca href=\"https://github.com/bjoernricks\"\u003e\u003ccode\u003e@​bjoernricks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1210\"\u003e#1210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:ship: Dependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 8 updates by \u003ca href=\"https://github.com/dependabot%5Bbot%5D\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1209\"\u003e#1209\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.1\u003c/h2\u003e\n\u003ch2\u003e[26.4.1] - 2026-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a380de64b4e171a476b1cf3172319ee180ed818f\"\u003e\u003ccode\u003ea380de6\u003c/code\u003e\u003c/a\u003e Automatic release to 26.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/12b9dd283e3d261098719ac8ce94625f73e98684\"\u003e\u003ccode\u003e12b9dd2\u003c/code\u003e\u003c/a\u003e Change: Rename \u0026quot;Status Change\u0026quot; to \u0026quot;CVE Status Change\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/fd0a178d18da0d3ead9de7c1d9933364d6cfafac\"\u003e\u003ccode\u003efd0a178\u003c/code\u003e\u003c/a\u003e Deps: Bump urllib3 from 2.6.3 to 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/00adf5473d50e7aa0e0839984a8ba44447e28c0d\"\u003e\u003ccode\u003e00adf54\u003c/code\u003e\u003c/a\u003e Update: Greenbone license header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a793376e247ac9a8e0994d1ba56cd2e44bbaf575\"\u003e\u003ccode\u003ea793376\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/7e3dffb21ddab71884678eac10215767319d29f4\"\u003e\u003ccode\u003e7e3dffb\u003c/code\u003e\u003c/a\u003e Automatic release to 26.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/f2f04018b6e2eabb1b64123445dadbcfdb85d112\"\u003e\u003ccode\u003ef2f0401\u003c/code\u003e\u003c/a\u003e Add: CVE Change event name \u0026quot;Data Remediation\u0026quot; (\u003ca href=\"https://redirect.github.com/greenbone/pontos/issues/1214\"\u003e#1214\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a81ba0338193a9e889da80825487a86be7179ee2\"\u003e\u003ccode\u003ea81ba03\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/46c3185d68b38c4889db97a0e89fd2622728c341\"\u003e\u003ccode\u003e46c3185\u003c/code\u003e\u003c/a\u003e Automatic release to 26.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/31d04650f4750791cbfdfbc3afa267693e709051\"\u003e\u003ccode\u003e31d0465\u003c/code\u003e\u003c/a\u003e Use snake_case for release-version output variables\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/pontos/compare/v26.2.0...v26.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astroid` from 3.3.11 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pylint-dev/astroid/releases\"\u003eastroid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.4?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-02-07\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eis_namespace()\u003c/code\u003e crash when search locations contain \u003ccode\u003epathlib.Path\u003c/code\u003e objects.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2942\"\u003e#2942\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.3?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-01-03\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inference of \u003ccode\u003eIfExp\u003c/code\u003e (ternary expression) nodes to avoid prematurely narrowing\nresults in the face of inference ambiguity.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2899\"\u003e#2899\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix base class inference for dataclasses using the PEP 695 typing syntax.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10788\"\u003epylint-dev/pylint#10788\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.2?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-11-09\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle FunctionDef blockstart_tolineno edge cases correctly.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2880\"\u003e#2880\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eHTTPMethod\u003c/code\u003e enum support to brain module for Python 3.11+.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10624\"\u003epylint-dev/pylint#10624\u003c/a\u003e\nCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2877\"\u003e#2877\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.1?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSuppress \u003ccode\u003eSyntaxWarning\u003c/code\u003e for invalid escape sequences and return in finally on\nPython 3.14 when parsing modules.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAssign \u003ccode\u003eImport\u003c/code\u003e and \u003ccode\u003eImportFrom\u003c/code\u003e nodes to module locals if used with \u003ccode\u003eglobal\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10632\"\u003epylint-dev/pylint#10632\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pylint-dev/astroid/blob/main/ChangeLog\"\u003eastroid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.4?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-02-07\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eis_namespace()\u003c/code\u003e crash when search locations contain \u003ccode\u003epathlib.Path\u003c/code\u003e objects.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2942\"\u003e#2942\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.3?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-01-03\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inference of \u003ccode\u003eIfExp\u003c/code\u003e (ternary expression) nodes to avoid prematurely narrowing\nresults in the face of inference ambiguity.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2899\"\u003e#2899\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix base class inference for dataclasses using the PEP 695 typing syntax.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10788\"\u003epylint-dev/pylint#10788\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.2?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-11-09\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle FunctionDef blockstart_tolineno edge cases correctly.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2880\"\u003e#2880\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eHTTPMethod\u003c/code\u003e enum support to brain module for Python 3.11+.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10624\"\u003epylint-dev/pylint#10624\u003c/a\u003e\nCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2877\"\u003e#2877\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.1?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSuppress \u003ccode\u003eSyntaxWarning\u003c/code\u003e for invalid escape sequences and return in finally on\nPython 3.14 when parsing modules.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAssign \u003ccode\u003eImport\u003c/code\u003e and \u003ccode\u003eImportFrom\u003c/code\u003e nodes to module locals if used with \u003ccode\u003eglobal\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10632\"\u003epylint-dev/pylint#10632\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.0?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-05\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/019feb6018eef32a0e3a25d8153427a537961882\"\u003e\u003ccode\u003e019feb6\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.4, update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/b25ee05e15b70693a4d740ac563568e0b618ec0d\"\u003e\u003ccode\u003eb25ee05\u003c/code\u003e\u003c/a\u003e Fix namespace detection crash (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2949\"\u003e#2949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/b978037e67f233f4366de4ccbcdad2c627474477\"\u003e\u003ccode\u003eb978037\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.3, update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/5476bc3dad1fe83bd4725ae284229a51326bd97c\"\u003e\u003ccode\u003e5476bc3\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Wrong inference with default argument values (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/ae761dca40d1aa1b7e7b941e535a819acd83f9a5\"\u003e\u003ccode\u003eae761dc\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix base class inference for dataclasses with PE...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/077c51fa1eb737a13d6888873dc432cf8cbbe9e0\"\u003e\u003ccode\u003e077c51f\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] [typing] Add sys check guard for typing.Self for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/f3255d1611277ecc3d6f338d551ce8437f66ae72\"\u003e\u003ccode\u003ef3255d1\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Skip mypy install for pypy (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/d2823f2cb764b3d63c91998f6cd392629147c095\"\u003e\u003ccode\u003ed2823f2\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] [ci] Fix windows cache key (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/05c79e1e57da03875a8fd8a30715688f179585da\"\u003e\u003ccode\u003e05c79e1\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Improve self argument typing (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2904\"\u003e#2904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/a068430290b375a06f6eccdcea7d5026995172ba\"\u003e\u003ccode\u003ea068430\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.2, update changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pylint-dev/astroid/compare/v3.3.11...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.5 — 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eissue 2138\u003c/code\u003e_ describes a memory leak that happened when repeatedly\nusing the Coverage API with in-memory data. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the markdown-formatted coverage report didn't fully escape special\ncharacters in file paths (\u003ccode\u003eissue 2141\u003c/code\u003e\u003cem\u003e). This would be very unlikely to\ncause a problem, but now it's done properly, thanks to \u003ccode\u003eEllie Ayla \u0026lt;pull 2142_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the C extension wouldn't build on VS2019, but now it does (\u003ccode\u003eissue 2145\u003c/code\u003e_).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cssselect2` from 0.8.0 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/cssselect2/releases\"\u003ecssselect2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.9, support 3.14\u003c/li\u003e\n\u003cli\u003eSupport :host\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/cssselect2/blob/main/docs/changelog.rst\"\u003ecssselect2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003eVersion 0.9.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2026-02-12.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.9, support 3.14\u003c/li\u003e\n\u003cli\u003eSupport :host\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.8.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2025-03-05.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.8 and 3.9, support 3.12 and 3.13\u003c/li\u003e\n\u003cli\u003eHandle case-sensitive and case-insensitive attribute selectors\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.7.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2022-09-19.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport :has selector\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.6.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2022-04-15.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis version deprecates the \u003ccode\u003eiter_ancestors\u003c/code\u003e and \u003ccode\u003eiter_previous_siblings\u003c/code\u003e\nmethods, that will be removed in 0.7.0. Use the \u003ccode\u003ean...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/pheme/pull/1059","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fpheme/issues/1059","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1059/packages"},{"uuid":"4513722182","node_id":"PR_kwDOKXYUl87e4MDZ","number":88,"state":"open","title":"Bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["AHReccese"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T01:50:31.000Z","updated_at":"2026-05-25T01:52:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/openscilab/dmeta/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscilab%2Fdmeta/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"},{"uuid":"4513242110","node_id":"PR_kwDOSKM6Lc7e2uX0","number":20,"state":"open","title":"chore(deps): bump lxml from 5.0.0 to 5.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T23:08:27.000Z","updated_at":"2026-05-24T23:08:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"5.0.0","new_version":"5.4.0","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 5.0.0 to 5.4.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.3.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.3.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.2.2\u003c/h2\u003e\n\u003ch1\u003e5.2.2 (2024-05-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#417: The \u003ccode\u003etest_feed_parser\u003c/code\u003e test could fail if \u003ccode\u003elxml_html_clean\u003c/code\u003e was not installed.\nIt is now skipped in that case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to\n\u0026quot;core2\u0026quot;, without SSE 4.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIf libxml2 uses iconv, the compile time version is available as \u003ccode\u003eetree.ICONV_COMPILED_VERSION\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.2.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.2.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.0-2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.2 (2025-04-05)\u003c/h1\u003e\n\u003cp\u003eThis release resolves CVE-2025-24928 as described in\n\u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\"\u003ehttps://gitlab.gnome.org/GNOME/libxml2/-/issues/847\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBinary wheels use libxml2 2.12.10 and libxslt 1.1.42.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBinary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.1 (2025-02-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#440: Some tests were adapted for libxml2 2.14.0.\nPatch by Nick Wellnhofer.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2097175: \u003ccode\u003eDTD(external_id=\u0026quot;…\u0026quot;)\u003c/code\u003e erroneously required a byte string as ID value.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGH#450: \u003ccode\u003eiterparse()\u003c/code\u003e internally triggered the `DeprecationWarning`` added in lxml 5.3.0 when parsing HTML.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGH#442: Binary wheels for macOS no longer use the linker flag \u003ccode\u003e-flat_namespace\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.0 (2024-08-10)\u003c/h1\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6e76d57af83d59d7a0456fd5889e392a7b366b43\"\u003e\u003ccode\u003e6e76d57\u003c/code\u003e\u003c/a\u003e Build: Exclude slow Py3.9 wheel builds for s390/ppc and Py3.7 for ARM64.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/ee10c02bb771be22e6e3c36a90f3b66e5ce87752\"\u003e\u003ccode\u003eee10c02\u003c/code\u003e\u003c/a\u003e Prepare release of lxml 5.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/0e4f3c33723bb2b4d9565046a24a896c36fb5602\"\u003e\u003ccode\u003e0e4f3c3\u003c/code\u003e\u003c/a\u003e Prepare release of lxml 5.3.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4703fc2e74296a1bcb44ba050d856ceab21d87f\"\u003e\u003ccode\u003eb4703fc\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/db723bb3b9140f9f313f4b638790a69e82eae2a3\"\u003e\u003ccode\u003edb723bb\u003c/code\u003e\u003c/a\u003e Build: Use libxslt 1.1.43 instead of 1.1.42 to resolve some CVEs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a664877bde77d4d649fb8475e8bfb2bc2693ac26\"\u003e\u003ccode\u003ea664877\u003c/code\u003e\u003c/a\u003e Build: Use libxml2 2.13.8 instead of 2.12.x to resolve some CVEs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/df4633e7a919f0a4d42df310f17477b5ab51e403\"\u003e\u003ccode\u003edf4633e\u003c/code\u003e\u003c/a\u003e Remove appveyor usage.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/820db896be83f72f1cb653981362c682c8fc0d1f\"\u003e\u003ccode\u003e820db89\u003c/code\u003e\u003c/a\u003e CI: Allow Py3.14 jobs to fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/93ad02aad6caa1a7a4b2f595c2973644709cb5f9\"\u003e\u003ccode\u003e93ad02a\u003c/code\u003e\u003c/a\u003e docs: Add a note about C compiler installation to error message (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/454\"\u003eGH-454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/16878dac7075903c7b6e412f5f770ce43e942509\"\u003e\u003ccode\u003e16878da\u003c/code\u003e\u003c/a\u003e Add some hints to the documentation on how to build lxml (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/453\"\u003eGH-453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.0.0...lxml-5.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=5.0.0\u0026new-version=5.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/other9/market-monitor/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/other9%2Fmarket-monitor/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4511147888","node_id":"PR_kwDOJ4I5W87ewc_R","number":110,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T09:50:20.000Z","updated_at":"2026-05-24T09:50:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the /apps/api directory: [idna](https://github.com/kjd/idna), [lxml](https://github.com/lxml/lxml), [python-dotenv](https://github.com/theskumar/python-dotenv) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/totallynotdavid/megaloader/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/totallynotdavid/megaloader/pull/110","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/totallynotdavid%2Fmegaloader/issues/110","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/110/packages"},{"uuid":"4507787697","node_id":"PR_kwDOSFqbNs7emdDz","number":42,"state":"closed","title":"chore(deps): Bump the minor-and-patch group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T10:33:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T10:33:48.000Z","updated_at":"2026-05-30T10:33:12.000Z","time_to_close":604762,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"minor-and-patch","update_count":6,"packages":[{"name":"uvicorn","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"ctranslate2","old_version":"4.7.1","new_version":"4.7.2","repository_url":"https://github.com/OpenNMT/CTranslate2"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 6 updates in the /apps/python-extractor directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [ctranslate2](https://github.com/OpenNMT/CTranslate2) | `4.7.1` | `4.7.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n\n\nUpdates `uvicorn` from 0.46.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ctranslate2` from 4.7.1 to 4.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases\"\u003ectranslate2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases/tag/v4.7.2\"\u003ev4.7.2\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes and improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e) by \u003ca href=\"https://github.com/racedale\"\u003e\u003ccode\u003e@​racedale\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFree curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e) by \u003ca href=\"https://github.com/no1d\"\u003e\u003ccode\u003e@​no1d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/OpenNMT/CTranslate2/blob/master/CHANGELOG.md\"\u003ectranslate2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases/tag/v4.7.2\"\u003ev4.7.2\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes and improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e) by \u003ca href=\"https://github.com/racedale\"\u003e\u003ccode\u003e@​racedale\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFree curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e) by \u003ca href=\"https://github.com/no1d\"\u003e\u003ccode\u003e@​no1d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/9ff9c719e62b98fb8a993c1629833b0ddab447db\"\u003e\u003ccode\u003e9ff9c71\u003c/code\u003e\u003c/a\u003e Fix PyPI publish: download wheels to dist/ to avoid directory hash error (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/9463f04e3c57df5de7fb42ad4f8fe0ad796745a5\"\u003e\u003ccode\u003e9463f04\u003c/code\u003e\u003c/a\u003e Fix flaky transformers_wav2vec2 test (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1996\"\u003e#1996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/95fdccbadf3b1eec494c6602727a620c699d7719\"\u003e\u003ccode\u003e95fdccb\u003c/code\u003e\u003c/a\u003e Bump version to 4.72\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/09e5feacc275bb2872fe5358a0a014fca701a361\"\u003e\u003ccode\u003e09e5fea\u003c/code\u003e\u003c/a\u003e Gemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/c85c983886ee376f45973f13ed588e998de87819\"\u003e\u003ccode\u003ec85c983\u003c/code\u003e\u003c/a\u003e Free curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/d077c47f301dbea4b6959ba8aa58a93e5aae993a\"\u003e\u003ccode\u003ed077c47\u003c/code\u003e\u003c/a\u003e Update source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/ac19abd41cadf83cd5661adc91e45b6efa038cf7\"\u003e\u003ccode\u003eac19abd\u003c/code\u003e\u003c/a\u003e Gemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/OpenNMT/CTranslate2/compare/v4.7.1...v4.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/dKaulig/shared-cookbook/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dKaulig%2Fshared-cookbook/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"},{"uuid":"4506363109","node_id":"PR_kwDONu9M787eiEw_","number":58,"state":"open","title":"Bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T01:13:32.000Z","updated_at":"2026-05-23T01:14:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ma4nn/pp-terminal/pull/58","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ma4nn%2Fpp-terminal/issues/58","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/58/packages"},{"uuid":"4505522415","node_id":"PR_kwDORlvf987efbCS","number":663,"state":"closed","title":"deps(uv): bump the uv-minor-patch group with 20 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T23:11:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T20:50:04.000Z","updated_at":"2026-05-29T23:11:58.000Z","time_to_close":613312,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(uv): bump","group_name":"uv-minor-patch","update_count":20,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"greenlet","old_version":"3.5.0","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"numpy","old_version":"2.4.5","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"oracledb","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/oracle/python-oracledb"},{"name":"pymysql","old_version":"1.1.3","new_version":"1.2.0","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"pypdf","old_version":"6.11.0","new_version":"6.12.1","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"sentence-transformers","old_version":"5.5.0","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"hypothesis","old_version":"6.152.7","new_version":"6.152.9","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ast-serialize","old_version":"0.3.0","new_version":"0.5.0","repository_url":"https://github.com/mypyc/ast_serialize"},{"name":"cbor2","old_version":"6.0.1","new_version":"6.1.1","repository_url":"https://github.com/agronholm/cbor2"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"python-discovery","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"stevedore","old_version":"5.7.0","new_version":"5.8.0"},{"name":"virtualenv","old_version":"21.3.1","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-minor-patch group with 20 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.0` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.5` | `2.4.6` |\n| [oracledb](https://github.com/oracle/python-oracledb) | `4.0.0` | `4.0.1` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.3` | `1.2.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.11.0` | `6.12.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.29` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.5.0` | `5.5.1` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.152.7` | `6.152.9` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [ast-serialize](https://github.com/mypyc/ast_serialize) | `0.3.0` | `0.5.0` |\n| [cbor2](https://github.com/agronholm/cbor2) | `6.0.1` | `6.1.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.3.0` | `1.3.1` |\n| [stevedore](https://docs.openstack.org/stevedore) | `5.7.0` | `5.8.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.3.1` | `21.3.3` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.5.0 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.5.0...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.16\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4e6cbe225a3e0b6e7eed2082086a12cba526e787\"\u003e\u003ccode\u003e4e6cbe2\u003c/code\u003e\u003c/a\u003e Demote installation instruction to usage section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/223533c34c9e23470e714ed9b1f1c41867177732\"\u003e\u003ccode\u003e223533c\u003c/code\u003e\u003c/a\u003e Merge branch 'readme-simplification' into release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b1640b228a50b3c94ffcf8a664eb6cb186550f3e\"\u003e\u003ccode\u003eb1640b2\u003c/code\u003e\u003c/a\u003e Bump version to 3.16rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/3a861132be61091454aae10c292d98bcfd3cd797\"\u003e\u003ccode\u003e3a86113\u003c/code\u003e\u003c/a\u003e Update history for 3.16 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d4bc9e742b753cff2ec6c53bd4be730863ca9c53\"\u003e\u003ccode\u003ed4bc9e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/246\"\u003e#246\u003c/a\u003e from kjd/python-3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a21d9fca6b04c47ddbd0303d62bbc0712b55f43d\"\u003e\u003ccode\u003ea21d9fc\u003c/code\u003e\u003c/a\u003e Update deprecation policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b46492694aa21dc1c3608f59dd5b9620c08b2d0f\"\u003e\u003ccode\u003eb464926\u003c/code\u003e\u003c/a\u003e Raise minimum Python to 3.9 and modernize typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7f3b15e8839f0e404a00054c4072e69347e727f2\"\u003e\u003ccode\u003e7f3b15e\u003c/code\u003e\u003c/a\u003e Explicit example not needed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7530c7020ae2bcf0acff1fafd71fb047a3b117ed\"\u003e\u003ccode\u003e7530c70\u003c/code\u003e\u003c/a\u003e Remove unnecessary print()\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.5 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.5...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oracledb` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oracle/python-oracledb/releases\"\u003eoracledb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003cp\u003epython-oracledb 4.0.1 is now released. This release addresses a number of issues. See the \u003ca href=\"https://python-oracledb.readthedocs.io/en/latest/release_notes.html#oracledb-4-0-1-may-2026\"\u003efull release notes\u003c/a\u003e for all of the details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/3daef052904e41668bb862e6fa40f43c22a81beb\"\u003e\u003ccode\u003e3daef05\u003c/code\u003e\u003c/a\u003e Preparing to release python-oracledb 4.0.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/87859452fc15b9f419cbae35665db4a2b2f6023d\"\u003e\u003ccode\u003e8785945\u003c/code\u003e\u003c/a\u003e Tweak docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/899257e24188de69ba3a54183d9b3d3f8bc2f977\"\u003e\u003ccode\u003e899257e\u003c/code\u003e\u003c/a\u003e Remove checks for Oracle Client libraries earlier than 19 since those versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/de7cbb80e223faa2b1484943ec11d8e9c4a9a19e\"\u003e\u003ccode\u003ede7cbb8\u003c/code\u003e\u003c/a\u003e Mark fixtures as session-based fixtures when they can be to avoid unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/a5a5700dff18a8757e3e4d95bd5826e5921051ea\"\u003e\u003ccode\u003ea5a5700\u003c/code\u003e\u003c/a\u003e Fixed bug when specifying wallet_location as the keyword SYSTEM (which is\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/ac85017f86fa2a15bf0e947bf13b248307f2d7e8\"\u003e\u003ccode\u003eac85017\u003c/code\u003e\u003c/a\u003e Fixed bug when specifying a value for the ORA_SDTZ environment variable as one\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/52cfd20b47c36c467026e4f1ac9d92ef75eee9cd\"\u003e\u003ccode\u003e52cfd20\u003c/code\u003e\u003c/a\u003e Merged test files and added tests for validating a connection pool does not\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/afab7137952d574d711cce18c315096dd4d36202\"\u003e\u003ccode\u003eafab713\u003c/code\u003e\u003c/a\u003e Fixed bug causing a connection pool to grow beyond its maximum allowed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/a7b40f112949875a2bb1449ffcb068953cd88999\"\u003e\u003ccode\u003ea7b40f1\u003c/code\u003e\u003c/a\u003e Add missing closing brace!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/99d9ff0eb77a17cf9b77b6e7f3d2b6942de101cd\"\u003e\u003ccode\u003e99d9ff0\u003c/code\u003e\u003c/a\u003e Include the C library in the matrix to ensure unique artifact names.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oracle/python-oracledb/compare/v4.0.0...v4.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymysql` from 1.1.3 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/releases\"\u003epymysql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the all-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1232\"\u003ePyMySQL/PyMySQL#1232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReorganize TLS options: implement PREFERRED/REQUIRED SSL mode behavior by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1234\"\u003ePyMySQL/PyMySQL#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport MySQL 8 row/column alias syntax in \u003ccode\u003eexecutemany\u003c/code\u003e INSERT regex by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1235\"\u003ePyMySQL/PyMySQL#1235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose SQLSTATE on MySQL protocol exceptions without changing exception formatting by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1236\"\u003ePyMySQL/PyMySQL#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, \u003ccode\u003e±Infinity\u003c/code\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1237\"\u003ePyMySQL/PyMySQL#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update outdated requirements and reference links by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1239\"\u003ePyMySQL/PyMySQL#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare CHANGELOG for v1.2.0 release from v1.1.3 changes by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1238\"\u003ePyMySQL/PyMySQL#1238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate \u003ccode\u003edb\u003c/code\u003e and \u003ccode\u003epasswd\u003c/code\u003e again by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1240\"\u003ePyMySQL/PyMySQL#1240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate \u003ccode\u003ereconnect\u003c/code\u003e in \u003ccode\u003eConnection.ping()\u003c/code\u003e by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1241\"\u003ePyMySQL/PyMySQL#1241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eConnection.set_charset()\u003c/code\u003e at runtime and document warning behavior by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1243\"\u003ePyMySQL/PyMySQL#1243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.2.0 by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1244\"\u003ePyMySQL/PyMySQL#1244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1234\"\u003ePyMySQL/PyMySQL#1234\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\"\u003ehttps://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md\"\u003epymysql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eRelease date: 2026-05-19\u003c/p\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eConnection.ping()\u003c/code\u003e change the default to not reconnect and deprecate \u003ccode\u003ereconnect\u003c/code\u003e argument.\nCreate a new connection if you want to reconnect. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1241\"\u003e#1241\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eError classes in Cursor class are removed. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003econnect()\u003c/code\u003e arguments \u003ccode\u003edb\u003c/code\u003e and \u003ccode\u003epasswd\u003c/code\u003e now emit DeprecationWarning.\nUse \u003ccode\u003edatabase\u003c/code\u003e and \u003ccode\u003epassword\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReorganize TLS connection behavior.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePyMySQL uses TLS by default when server supports it.\nUse \u003ccode\u003essl_disabled=True\u003c/code\u003e to prohibit SSL. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1213\"\u003e#1213\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen \u003ccode\u003essl_verify_cert=True\u003c/code\u003e, \u003ccode\u003essl_verify_identity=True\u003c/code\u003e, an \u003ccode\u003essl.SSLContext\u003c/code\u003e is passed,\nor when any other SSL option is configured, the connection \u003cstrong\u003erequires\u003c/strong\u003e SSL and raises\n\u003ccode\u003eOperationalError\u003c/code\u003e (CR_SSL_CONNECTION_ERROR) if the server doesn't support it. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1234\"\u003e#1234\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport MySQL 8 row/column alias syntax in \u003ccode\u003eexecutemany\u003c/code\u003e INSERT regex. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1235\"\u003e#1235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExpose SQLSTATE on MySQL protocol exceptions without changing exception formatting. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1236\"\u003e#1236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, \u003ccode\u003e±Infinity\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1237\"\u003e#1237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnection.set_charset(charset)\u003c/code\u003e now emits \u003ccode\u003eDeprecationWarning\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/0f1c324a6b73e34810af3e584f6d32554604488a\"\u003e\u003ccode\u003e0f1c324\u003c/code\u003e\u003c/a\u003e use ubuntu-latest for pypi publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/53b16b22f0fefc64ccf4606f20c87bedcceb1cac\"\u003e\u003ccode\u003e53b16b2\u003c/code\u003e\u003c/a\u003e Release v1.2.0 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1244\"\u003e#1244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/637fe7e6b2b1bc6effefc53d0faccfe3d5036ea5\"\u003e\u003ccode\u003e637fe7e\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eConnection.set_charset()\u003c/code\u003e at runtime and document warning behavior...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/23ca04a357a042db4188adefd04031c205837927\"\u003e\u003ccode\u003e23ca04a\u003c/code\u003e\u003c/a\u003e add AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/7349a44e2b264395bd2d78fe3c9b7fdb26a7e740\"\u003e\u003ccode\u003e7349a44\u003c/code\u003e\u003c/a\u003e deprecate \u003ccode\u003ereconnect\u003c/code\u003e in \u003ccode\u003eConnection.ping()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1241\"\u003e#1241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/ad5c50c254925caf24dbc06832a69f5c5c5ec76b\"\u003e\u003ccode\u003ead5c50c\u003c/code\u003e\u003c/a\u003e update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c963edbf53ac52f9ea6c9717411127d0d7f7061a\"\u003e\u003ccode\u003ec963edb\u003c/code\u003e\u003c/a\u003e Deprecation and removals (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/af6b9b42abcea73d9bfdb0aaff75656171c9cec7\"\u003e\u003ccode\u003eaf6b9b4\u003c/code\u003e\u003c/a\u003e Prepare CHANGELOG for v1.2.0 release from v1.1.3 changes (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1238\"\u003e#1238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c7bf73f1987c3b78debb39a7a074e806178ecc9b\"\u003e\u003ccode\u003ec7bf73f\u003c/code\u003e\u003c/a\u003e docs: update outdated requirements and reference links (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1239\"\u003e#1239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c532b8d9d515ac5769cd285a5a520afed1e035c1\"\u003e\u003ccode\u003ec532b8d\u003c/code\u003e\u003c/a\u003e Reject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, `±Infini...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.11.0 to 6.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.12.1, 2026-05-22\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.12.0...6.12.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.12.0, 2026-05-21\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement SASLprep (RFC 4013) for AES-256 password normalization (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3780\"\u003e#3780\u003c/a\u003e) by \u003ca href=\"https://github.com/adityamoolya\"\u003e\u003ccode\u003e@​adityamoolya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCID font resource from font file to encode more characters (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3652\"\u003e#3652\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize retrieval of named destinatinos in reader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3442\"\u003e#3442\u003c/a\u003e) by \u003ca href=\"https://github.com/larsga\"\u003e\u003ccode\u003e@​larsga\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix TreeObject.insert_child KeyError on fresh children (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3786\"\u003e#3786\u003c/a\u003e) by \u003ca href=\"https://github.com/Abzaek\"\u003e\u003ccode\u003e@​Abzaek\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppearanceStream: Also honor user-set font name when not flattening annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3781\"\u003e#3781\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.12.1, 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.12.0...6.12.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.12.0, 2026-05-21\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement SASLprep (RFC 4013) for AES-256 password normalization (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3780\"\u003e#3780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCID font resource from font file to encode more characters (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3652\"\u003e#3652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize retrieval of named destinatinos in reader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3442\"\u003e#3442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix TreeObject.insert_child KeyError on fresh children (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppearanceStream: Also honor user-set font name when not flattening annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3781\"\u003e#3781\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/228780a5c759feae0ed1c2741ad36ba86e0e1475\"\u003e\u003ccode\u003e228780a\u003c/code\u003e\u003c/a\u003e REL: 6.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62191d5a5c3ee218856d3cbaa039366bc97909f7\"\u003e\u003ccode\u003e62191d5\u003c/code\u003e\u003c/a\u003e SEC: Limit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/e85263124757d277ed463d737fe830920ba7f1ea\"\u003e\u003ccode\u003ee852631\u003c/code\u003e\u003c/a\u003e ROB: Prevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/6b4bbcc43e6c357b381751f0aa09fcbd5825cd63\"\u003e\u003ccode\u003e6b4bbcc\u003c/code\u003e\u003c/a\u003e ROB: Deal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/20c16d372521cf8485756ad1e4d95021b9c94f79\"\u003e\u003ccode\u003e20c16d3\u003c/code\u003e\u003c/a\u003e TST: Update tests for Python 3.15 support (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3793\"\u003e#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/08eb1435ef2e4d1e3d5fe90636c3cee7aa6f4470\"\u003e\u003ccode\u003e08eb143\u003c/code\u003e\u003c/a\u003e REL: 6.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/507d7c9aa6ea83389b954b9c3c0c528fe5d5da70\"\u003e\u003ccode\u003e507d7c9\u003c/code\u003e\u003c/a\u003e SEC: Disallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9d2747057c4afc06ccc0fc6244a3915ba6ea6f0b\"\u003e\u003ccode\u003e9d27470\u003c/code\u003e\u003c/a\u003e SEC: Avoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0a8e699d33ff1d82fae17b7cfa6d01b822be50b2\"\u003e\u003ccode\u003e0a8e699\u003c/code\u003e\u003c/a\u003e DOC: Block encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/541ebd4e6e0c23dd90f5723210b585655d2a9519\"\u003e\u003ccode\u003e541ebd4\u003c/code\u003e\u003c/a\u003e DEV: Update idna from version 3.10 to 3.15\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.28 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.5.0 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.152.7 to 6.152.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.9\u003c/h2\u003e\n\u003cp\u003eThis release substantially improves our internal distribution for\ngenerating integers. This release has the most visible effect on\n\u0026quot;integers()\u0026quot;, but may incidentally improve other strategies which draw\nintegers internally.\u003c/p\u003e\n\u003cp\u003eOur integers distribution had two problems. First, it had jagged\ndiscontinuities at certain values where we switched sampling\napproaches. Second, it used a different distribution for bounded and\nunbounded ranges, which resulted in \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(-2\u003cstrong\u003e64, 2\u003c/strong\u003e64)\u0026quot; producing very different distributions\ndespite being semantically similar.\u003c/p\u003e\n\u003cp\u003eWe now use a smooth distribution for both \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(a, b)\u0026quot;, which fixes both of these issues. This should\nsubstantially improve our testing power in certain cases.\u003c/p\u003e\n\u003cp\u003eThe only way this release should be user-visible is that it finds more\nbugs! If this release is user-visible in other ways - for example,\nbecause it is slower, or produces a worse distribution in some cases -\nplease open an issue.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-9\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.8\u003c/h2\u003e\n\u003cp\u003eThis release drops support for end-of-life Django 4.2.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-8\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/56018dc5d192cb5d58528fcf9dd9799e5744b52c\"\u003e\u003ccode\u003e56018dc\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.9 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/4b976e2a0d4c4120d99afac3df84bd6b440ea1c7\"\u003e\u003ccode\u003e4b976e2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4728\"\u003e#4728\u003c/a\u003e from HypothesisWorks/new-integers-distribution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/ec394ecb8ecad42e2bba9bd51d61c88be5a497a3\"\u003e\u003ccode\u003eec394ec\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.8 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/70a31faa9ac2f61bec5ecdc0459bdc82d5aa52af\"\u003e\u003ccode\u003e70a31fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4709\"\u003e#4709\u003c/a\u003e from HypothesisWorks/create-pull-request/patch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/ab53fc1f1fe2df4322d75635afd6cef7c91a91e5\"\u003e\u003ccode\u003eab53fc1\u003c/code\u003e\u003c/a\u003e drop end-of-life Django 4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/0f3d80ecdc6ca245472f2d16859bc3968577bacd\"\u003e\u003ccode\u003e0f3d80e\u003c/code\u003e\u003c/a\u003e sort PYTHONS dict in autoupdate output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/3cdf0c853b41451db9249f96dc6c283fc12d43aa\"\u003e\u003ccode\u003e3cdf0c8\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b5f597533e4ae067c401a5acd529862cb873e4f0\"\u003e\u003ccode\u003eb5f5975\u003c/code\u003e\u003c/a\u003e address typing changes for mypy 2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/14f3bd48bc785ebe2acfd5d94030bb5f5765bfc6\"\u003e\u003ccode\u003e14f3bd4\u003c/code\u003e\u003c/a\u003e Update pinned dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/c1836416f2c1c...\n\n_Description has been truncated_","html_url":"https://github.com/FabioLeitao/data-boar/pull/663","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioLeitao%2Fdata-boar/issues/663","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/663/packages"},{"uuid":"4502189583","node_id":"PR_kwDODyT54s7eUjt0","number":1225,"state":"closed","title":"Deps: Bump the python-packages group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T04:38:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T11:20:30.000Z","updated_at":"2026-05-25T04:38:58.000Z","time_to_close":235105,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":14,"packages":[{"name":"tomlkit","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/python-poetry/tomlkit"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mdit-py-plugins","old_version":"0.5.0","new_version":"0.6.1","repository_url":"https://github.com/executablebooks/mdit-py-plugins"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tomlkit](https://github.com/python-poetry/tomlkit) | `0.14.0` | `0.15.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [librt](https://github.com/mypyc/librt) | `0.9.0` | `0.11.0` |\n| [mdit-py-plugins](https://github.com/executablebooks/mdit-py-plugins) | `0.5.0` | `0.6.1` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `tomlkit` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/tomlkit/releases\"\u003etomlkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(spec): update to toml spec v1.1 by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/456\"\u003epython-poetry/tomlkit#456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/455\"\u003epython-poetry/tomlkit#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump virtualenv from 20.26.6 to 20.36.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/454\"\u003epython-poetry/tomlkit#454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/458\"\u003epython-poetry/tomlkit#458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pygments from 2.18.0 to 2.20.0 in /docs by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/464\"\u003epython-poetry/tomlkit#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump pygments from 2.17.2 to 2.20.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/463\"\u003epython-poetry/tomlkit#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump requests from 2.32.4 to 2.33.0 in /docs by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/462\"\u003epython-poetry/tomlkit#462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/461\"\u003epython-poetry/tomlkit#461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eType annotations by \u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/460\"\u003epython-poetry/tomlkit#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor sort_keys for parsed TOML documents by \u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/471\"\u003epython-poetry/tomlkit#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/469\"\u003epython-poetry/tomlkit#469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: fix a parser hang by \u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/470\"\u003epython-poetry/tomlkit#470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/472\"\u003epython-poetry/tomlkit#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 0.15.0 and update changelog for release by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/473\"\u003epython-poetry/tomlkit#473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/460\"\u003epython-poetry/tomlkit#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/471\"\u003epython-poetry/tomlkit#471\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\"\u003ehttps://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md\"\u003etomlkit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.15.0] - 2026-05-10\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate parser to support TOML spec v1.1.0. (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/8694e4d3323df68eb325bf3d5ab7caa66f8c206a\"\u003e\u003ccode\u003e8694e4d\u003c/code\u003e\u003c/a\u003e chore: bump version to 0.15.0 and update changelog for release (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/473\"\u003e#473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/e636a5121260e811dba9fd1c33656021f6855490\"\u003e\u003ccode\u003ee636a51\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/96a4d22fdd07e25742009a6bcd8a2d23e9b5574a\"\u003e\u003ccode\u003e96a4d22\u003c/code\u003e\u003c/a\u003e fix: fix a parser hang (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/470\"\u003e#470\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/843f79992139ec56266f52161b27a3eadd1f6a35\"\u003e\u003ccode\u003e843f799\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/469\"\u003e#469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/2c87eafe7c852d19c1b91a1c9bed4d47bd03816f\"\u003e\u003ccode\u003e2c87eaf\u003c/code\u003e\u003c/a\u003e Honor sort_keys for parsed TOML documents (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/8e32f9cb7fcfbc45e893c34e0e9a590a26675fd6\"\u003e\u003ccode\u003e8e32f9c\u003c/code\u003e\u003c/a\u003e Type annotations (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/df98af48778f865d270d2f53e816d3b0948c8927\"\u003e\u003ccode\u003edf98af4\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/4bd97db2c8fda5cbffc01acc586e3328168bac36\"\u003e\u003ccode\u003e4bd97db\u003c/code\u003e\u003c/a\u003e chore(deps): bump requests from 2.32.4 to 2.33.0 in /docs (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/462\"\u003e#462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/b2d703032bf2e44e680b67f2897c3a7c67be55eb\"\u003e\u003ccode\u003eb2d7030\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pygments from 2.17.2 to 2.20.0 (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/87d98b1d0100c5bd39736eda4cd9cc3d8e24bf48\"\u003e\u003ccode\u003e87d98b1\u003c/code\u003e\u003c/a\u003e chore(deps): bump pygments from 2.18.0 to 2.20.0 in /docs (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.16\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4e6cbe225a3e0b6e7eed2082086a12cba526e787\"\u003e\u003ccode\u003e4e6cbe2\u003c/code\u003e\u003c/a\u003e Demote installation instruction to usage section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/223533c34c9e23470e714ed9b1f1c41867177732\"\u003e\u003ccode\u003e223533c\u003c/code\u003e\u003c/a\u003e Merge branch 'readme-simplification' into release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b1640b228a50b3c94ffcf8a664eb6cb186550f3e\"\u003e\u003ccode\u003eb1640b2\u003c/code\u003e\u003c/a\u003e Bump version to 3.16rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/3a861132be61091454aae10c292d98bcfd3cd797\"\u003e\u003ccode\u003e3a86113\u003c/code\u003e\u003c/a\u003e Update history for 3.16 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d4bc9e742b753cff2ec6c53bd4be730863ca9c53\"\u003e\u003ccode\u003ed4bc9e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/246\"\u003e#246\u003c/a\u003e from kjd/python-3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a21d9fca6b04c47ddbd0303d62bbc0712b55f43d\"\u003e\u003ccode\u003ea21d9fc\u003c/code\u003e\u003c/a\u003e Update deprecation policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b46492694aa21dc1c3608f59dd5b9620c08b2d0f\"\u003e\u003ccode\u003eb464926\u003c/code\u003e\u003c/a\u003e Raise minimum Python to 3.9 and modernize typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7f3b15e8839f0e404a00054c4072e69347e727f2\"\u003e\u003ccode\u003e7f3b15e\u003c/code\u003e\u003c/a\u003e Explicit example not needed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7530c7020ae2bcf0acff1fafd71fb047a3b117ed\"\u003e\u003ccode\u003e7530c70\u003c/code\u003e\u003c/a\u003e Remove unnecessary print()\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.9.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/1d5e9b240ac073f10ef389e9e27a2f2647fcd653\"\u003e\u003ccode\u003e1d5e9b2\u003c/code\u003e\u003c/a\u003e Bump version to 0.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/963673e91ad7482aa46df25f7c68d4a5ced8a712\"\u003e\u003ccode\u003e963673e\u003c/code\u003e\u003c/a\u003e Sync mypy and add smoke tests (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/38\"\u003e#38\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.9.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mdit-py-plugins` from 0.5.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/releases\"\u003emdit-py-plugins's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 FIX: Nested field lists incorrectly nesting inside parent containers by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/139\"\u003eexecutablebooks/mdit-py-plugins#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 Release v0.6.1 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/140\"\u003eexecutablebooks/mdit-py-plugins#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.6.0...v0.6.1\"\u003ehttps://github.com/executablebooks/mdit-py-plugins/compare/v0.6.0...v0.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add AGENTS.md and copilot-setup-steps workflow by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/132\"\u003eexecutablebooks/mdit-py-plugins#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ NEW: Add superscript plugin and tests by \u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/128\"\u003eexecutablebooks/mdit-py-plugins#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Add GFM autolink and composite GFM plugins by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/135\"\u003eexecutablebooks/mdit-py-plugins#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Fix pre-commit by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/136\"\u003eexecutablebooks/mdit-py-plugins#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 Release v0.6.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/137\"\u003eexecutablebooks/mdit-py-plugins#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/132\"\u003eexecutablebooks/mdit-py-plugins#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/128\"\u003eexecutablebooks/mdit-py-plugins#128\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.0\"\u003ehttps://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/blob/master/CHANGELOG.md\"\u003emdit-py-plugins's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.6.1 - 2026-05-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e🐛 FIX: Nested field lists incorrectly nesting inside parent containers (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/139\"\u003e#139\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eField lists inside list items (or other indented containers) would recursively nest each field inside the previous one, instead of being siblings.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.6.0 - 2026-05-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e✨ NEW: Add GFM autolink and composite GFM plugins (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/135\"\u003e#135\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003egfm_autolink\u003c/code\u003e plugin implements \u003ca href=\"https://github.github.com/gfm/#autolinks-extension-\"\u003eGFM autolink literals\u003c/a\u003e,\nauto-linking URLs and email addresses without requiring angle brackets:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003eVisit www.example.com or contact user@example.com\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe \u003ccode\u003egfm\u003c/code\u003e composite plugin enables a full Github Flavored Markdown (GFM)-like configuration in a single call\n(tables, strikethrough, autolinks, task lists, alerts, and footnotes).\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax\"\u003ethe GitHub docs\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eRequires markdown-it-py \u0026gt;= 4.1.0.\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e✨ NEW: Add superscript plugin and tests, thanks to \u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/128\"\u003e#128\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePorted from \u003ca href=\"https://github.com/markdown-it/markdown-it-sup\"\u003emarkdown-it-sup\u003c/a\u003e.\nRenders superscript text using \u003ccode\u003e^..^\u003c/code\u003e syntax:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e29^th^ of May\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/da70e05b7630c38047d1921ef21d1aadc34c1ea9\"\u003e\u003ccode\u003eda70e05\u003c/code\u003e\u003c/a\u003e 🚀 Release v0.6.1 (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/140\"\u003e#140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/f41d88c17c90dac4f9fd77418e1dcc2ba2c4ea9b\"\u003e\u003ccode\u003ef41d88c\u003c/code\u003e\u003c/a\u003e 🐛 FIX: Nested field lists incorrectly nesting inside parent containers (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/b8735072c4a0d406ad29a87f472a638f6d4ac3f5\"\u003e\u003ccode\u003eb873507\u003c/code\u003e\u003c/a\u003e 🚀 Release v0.6.0 (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/b77a18bcb3a8a640dbfc57dcb901fa18cee74bf8\"\u003e\u003ccode\u003eb77a18b\u003c/code\u003e\u003c/a\u003e 🔧 Fix pre-commit (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/28a97783ee58785003bc9c84e0821bc3babb35a3\"\u003e\u003ccode\u003e28a9778\u003c/code\u003e\u003c/a\u003e ✨ Add GFM autolink and composite GFM plugins (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/39c681fddac49430ee4a748433bcfae5888b7576\"\u003e\u003ccode\u003e39c681f\u003c/code\u003e\u003c/a\u003e ✨ NEW: Add superscript plugin and tests (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/128\"\u003e#128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/62f00586e872e62a700fb13f65e254c686474fc6\"\u003e\u003ccode\u003e62f0058\u003c/code\u003e\u003c/a\u003e 🔧 Add AGENTS.md and copilot-setup-steps workflow (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/pontos/pull/1225","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fpontos/issues/1225","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1225/packages"},{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4490760425","node_id":"PR_kwDOQ9oP0c7dvfm7","number":57,"state":"open","title":"build(deps): bump the pip-minor-patch group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T00:20:49.000Z","updated_at":"2026-05-21T00:23:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip-minor-patch","update_count":5,"packages":[{"name":"requests","old_version":"2.34.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"openai","old_version":"2.36.0","new_version":"2.37.0","repository_url":"https://github.com/openai/openai-python"},{"name":"transformers","old_version":"5.8.1","new_version":"5.9.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"huggingface-hub","old_version":"1.14.0","new_version":"1.15.0","repository_url":"https://github.com/huggingface/huggingface_hub"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-minor-patch group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.34.1` | `2.34.2` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [openai](https://github.com/openai/openai-python) | `2.36.0` | `2.37.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.8.1` | `5.9.0` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.14.0` | `1.15.0` |\n\nUpdates `requests` from 2.34.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.36.0 to 2.37.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/658be644f48028ea3c7b1545034470fda75a70ba\"\u003e\u003ccode\u003e658be64\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3213\"\u003e#3213\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/8a7cac34cbc64fe02854beb3659f4bb5f46815f9\"\u003e\u003ccode\u003e8a7cac3\u003c/code\u003e\u003c/a\u003e release: 2.37.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/9b4bf8edbac6aab217f1ac4436a47cbca2cad43b\"\u003e\u003ccode\u003e9b4bf8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/1903\"\u003e#1903\u003c/a\u003e from stainless-sdks/dev/jtian/remove-unnecessary-params\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003e\u003ccode\u003ec39ea8d\u003c/code\u003e\u003c/a\u003e feat: Remove unnecessary client_id when using workload identity provider for ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e\u003ccode\u003e7e527bc\u003c/code\u003e\u003c/a\u003e feat(internal/types): support eagerly validating pydantic iterators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e\u003ccode\u003e625827c\u003c/code\u003e\u003c/a\u003e feat(api): add service_tier parameter to responses compact method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003e\u003ccode\u003ec85ebd9\u003c/code\u003e\u003c/a\u003e fix(client): add missing f-string prefix in file type error message\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.8.1 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease v5.9.0\u003c/h1\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eCohere2Moe\u003c/h3\u003e\n\u003cp\u003eCommand A+ is a Mixture-of-Experts (MoE) language model from Cohere that features a hybrid attention pattern combining sliding window and full attention layers. The model incorporates both shared and routed experts and supports a very large context window for processing extensive text sequences.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/cohere2_moe\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd new cohere2_moe model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46115\"\u003e#46115\u003c/a\u003e) by \u003ca href=\"https://github.com/Cyrilvallez\"\u003e\u003ccode\u003e@​Cyrilvallez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46115\"\u003e#46115\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eParakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eParakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e) by \u003ca href=\"https://github.com/lmaksym\"\u003e\u003ccode\u003e@​lmaksym\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHRM-Text\u003c/h3\u003e\n\u003cp\u003eHRM-Text is an improved autoregressive language-modeling variant of the Hierarchical Reasoning Model (HRM) that uses a hierarchical recurrent forward pass with two transformer stacks - one for slow, abstract planning (H) and one for fast, detailed computation (L) - reused inside a nested recurrence. It features PrefixLM attention where instruction tokens attend bidirectionally while response tokens attend causally, per-head sigmoid output gates, and parameterless RMSNorm. The model is designed as a base language model without instruction tuning or chat templates.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/hrm_text\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2506.21734\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd hrm text (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46025\"\u003e#46025\u003c/a\u003e) by \u003ca href=\"https://github.com/abcd1927\"\u003e\u003ccode\u003e@​abcd1927\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46025\"\u003e#46025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking changes\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003etext_embeds\u003c/code\u003e input for SAM3, EdgeTAM, and SAM3-Lite-Text models now expects full text embeddings instead of just pooler outputs, aligning with other models in the library — users must update their inputs accordingly.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🚨Fix memory leaks caused by lru decorators in vision models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45922\"\u003e#45922\u003c/a\u003e) by \u003ca href=\"https://github.com/yonigozlan\"\u003e\u003ccode\u003e@​yonigozlan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAudio\u003c/h2\u003e\n\u003cp\u003eAudio support was expanded with the addition of AudioFlamingoNext model checkpoints and improved compilability of audio/vision encoders via standalone pure functions. Additional improvements include better error messaging when loading audio from video files and new documentation for audio/video processors.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003euser friendly error when loading audio from video (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e) by \u003ca href=\"https://github.com/eustlb\"\u003e\u003ccode\u003e@​eustlb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[docs] adding audio/video processors (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45795\"\u003e#45795\u003c/a\u003e) by \u003ca href=\"https://github.com/stevhliu\"\u003e\u003ccode\u003e@​stevhliu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45795\"\u003e#45795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Audio Flamingo Next checkpoints (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44830\"\u003e#44830\u003c/a\u003e) by \u003ca href=\"https://github.com/lashahub\"\u003e\u003ccode\u003e@​lashahub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44830\"\u003e#44830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract dynamic vision/audio tensors into standalone pure functions (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45396\"\u003e#45396\u003c/a\u003e) by \u003ca href=\"https://github.com/IlyasMoutawwakil\"\u003e\u003ccode\u003e@​IlyasMoutawwakil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45396\"\u003e#45396\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eGeneration\u003c/h2\u003e\n\u003cp\u003eFixed generation issues including \u003ccode\u003einputs_embeds\u003c/code\u003e and \u003ccode\u003eper_layer_inputs\u003c/code\u003e handling for Gemma4, an \u003ccode\u003eAttributeError\u003c/code\u003e in RAG's \u003ccode\u003egenerate()\u003c/code\u003e caused by missing config fields, and flaky VLM generation tests by blocking special image tokens during sampling.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix Gemma4 generation from inputs_embeds and per_layer_inputs (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e) by \u003ca href=\"https://github.com/Cyrilvallez\"\u003e\u003ccode\u003e@​Cyrilvallez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AttributeError in RAG generate() for missing config fields (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46035\"\u003e#46035\u003c/a\u003e) by \u003ca href=\"https://github.com/Sriniketh24\"\u003e\u003ccode\u003e@​Sriniketh24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46035\"\u003e#46035\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0a2757da521a7a49b8143d9e0c938f08747d682e\"\u003e\u003ccode\u003e0a2757d\u003c/code\u003e\u003c/a\u003e release v5.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e370a7f3f49c3c759cf8c7c01a935ce0e00c3f44\"\u003e\u003ccode\u003ee370a7f\u003c/code\u003e\u003c/a\u003e fix cohere2 tp_plan for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/f59ffd1ef95634f9b0317ec5d8d43d71e3604a10\"\u003e\u003ccode\u003ef59ffd1\u003c/code\u003e\u003c/a\u003e Add new cohere2_moe model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46115\"\u003e#46115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/4f41f261efcfd71ce08db2890b7c632cc9ffc0bc\"\u003e\u003ccode\u003e4f41f26\u003c/code\u003e\u003c/a\u003e [loading] Free up tensors faster inside ConversionOps (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46110\"\u003e#46110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d5dd7eed2f7d5b2ccba569e150647ef275e56365\"\u003e\u003ccode\u003ed5dd7ee\u003c/code\u003e\u003c/a\u003e Fix post processing RF-DETR (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46041\"\u003e#46041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0b25f8c49c37530ce9f8742d7a8c19ed8d254d7d\"\u003e\u003ccode\u003e0b25f8c\u003c/code\u003e\u003c/a\u003e [serve] Support for reasoning  (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45690\"\u003e#45690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0df9b7fcaab447c75543598e6d959065c2296a24\"\u003e\u003ccode\u003e0df9b7f\u003c/code\u003e\u003c/a\u003e Fix Gemma4 generation from inputs_embeds and per_layer_inputs (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/38a8b55f22d593c103e8bcc616413e70a5ef03ca\"\u003e\u003ccode\u003e38a8b55\u003c/code\u003e\u003c/a\u003e Parakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/3428030a179620b01cb598928b6cc7d5e5e60990\"\u003e\u003ccode\u003e3428030\u003c/code\u003e\u003c/a\u003e Remove mask visualization tool from \u003ccode\u003emasking_utils.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46066\"\u003e#46066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/dda06506142a0efe4081a0ab574fbd3c7c72dc37\"\u003e\u003ccode\u003edda0650\u003c/code\u003e\u003c/a\u003e user friendly error when loading audio from video (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.8.1...v5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `huggingface-hub` from 1.14.0 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/huggingface_hub/releases\"\u003ehuggingface-hub's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v1.15.0] Region-aware buckets \u0026amp; repos, \u003ccode\u003ehf skills list\u003c/code\u003e, polished CLI help and more\u003c/h2\u003e\n\u003ch2\u003e🌍 Pick a region when creating buckets and repos\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003ecreate_bucket\u003c/code\u003e and \u003ccode\u003ecreate_repo\u003c/code\u003e now accept an optional \u003ccode\u003eregion\u003c/code\u003e argument (\u003ccode\u003e\u0026quot;us\u0026quot;\u003c/code\u003e or \u003ccode\u003e\u0026quot;eu\u0026quot;\u003c/code\u003e) so you can pin a new bucket or repo to a specific cloud region at creation time. The same option is exposed on the CLI via a \u003ccode\u003e--region\u003c/code\u003e flag on \u003ccode\u003ehf buckets create\u003c/code\u003e and \u003ccode\u003ehf repos create\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\u0026gt;\u0026gt;\u0026gt; from huggingface_hub import create_bucket, create_repo\r\n\u0026gt;\u0026gt;\u0026gt; create_bucket(\u0026quot;my-bucket\u0026quot;, region=\u0026quot;us\u0026quot;)\r\n\u0026gt;\u0026gt;\u0026gt; create_repo(\u0026quot;my-model\u0026quot;, region=\u0026quot;eu\u0026quot;)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e$ hf buckets create my-bucket --region us\r\n$ hf repos create username/my-model --region eu\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003e[Bucket/Repo] Support 'region' option in create_bucket and create_repo by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4194\"\u003e#4194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧩 Discover marketplace skills with \u003ccode\u003ehf skills list\u003c/code\u003e\u003c/h2\u003e\n\u003cp\u003eA new \u003ccode\u003ehf skills list\u003c/code\u003e (alias \u003ccode\u003els\u003c/code\u003e) command lists every skill available in the Hugging Face marketplace and shows whether each one is already installed in the four supported locations (project, global, project Claude, global Claude). Handy when you want to check what's installable and what you've already got before running \u003ccode\u003ehf skills add\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e$ hf skills ls\r\nNAME                        DESCRIPTION                         PROJECT PROJECT (CLAUDE) GLOBAL GLOBAL (CLAUDE)\r\n--------------------------- ----------------------------------- ------- ---------------- ------ ---------------\r\nhf-cli                      Execute Hugging Face Hub operati...     yes              yes    yes             yes                                \r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Add \u003ccode\u003ehf skills list\u003c/code\u003e command by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4180\"\u003e#4180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🎨 Polished \u003ccode\u003e--help\u003c/code\u003e output with ANSI styling\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003ehf --help\u003c/code\u003e and every subcommand now render with underlined section headings and bold option/command names, making the help screens much easier to scan in a terminal. The new styling is automatically disabled when \u003ccode\u003eNO_COLOR\u003c/code\u003e is set or when the CLI detects it's running under an AI agent, so script and agent output stays clean.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Pretty-print \u003ccode\u003e--help\u003c/code\u003e with ANSI styling by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4192\"\u003e#4192\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🖥️ CLI\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Check Homebrew registry for updates when installed via brew by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4204\"\u003e#4204\u003c/a\u003e — \u003ccode\u003ehf update\u003c/code\u003e no longer suggests a version that isn't on \u003ccode\u003ebrew\u003c/code\u003e yet for Homebrew installs.\u003c/li\u003e\n\u003cli\u003e[CLI] No traceback on LocalEntryNotFoundError by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4190\"\u003e#4190\u003c/a\u003e — offline/cache-miss errors now print a clean message instead of a Python traceback (set \u003ccode\u003eHF_DEBUG=1\u003c/code\u003e for the full stack).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug and typo fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake HF_HUB_ENABLE_HF_TRANSFER deprecation warning visible to users by \u003ca href=\"https://github.com/Adithya191101\"\u003e\u003ccode\u003e@​Adithya191101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4220\"\u003e#4220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix hint message to use 'hf skills update' by \u003ca href=\"https://github.com/Pierrci\"\u003e\u003ccode\u003e@​Pierrci\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4206\"\u003e#4206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📖 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[docs] Drop duplicated Key Features list from hf jobs CLI section by \u003ca href=\"https://github.com/davanstrien\"\u003e\u003ccode\u003e@​davanstrien\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4222\"\u003e#4222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/bb6d939c601785c0d2ee23a261a2f49dfd08e394\"\u003e\u003ccode\u003ebb6d939\u003c/code\u003e\u003c/a\u003e Release: v1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/69413ea8a75f820235b57ffdce872fa5845496cd\"\u003e\u003ccode\u003e69413ea\u003c/code\u003e\u003c/a\u003e Release: v1.15.0.rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/dee49643a7c5f8c78d908d747f5e7242755fb032\"\u003e\u003ccode\u003edee4964\u003c/code\u003e\u003c/a\u003e Make HF_HUB_ENABLE_HF_TRANSFER deprecation warning visible to users (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/7023faf3b9d443c06f68c6a508d2150f3b9704b4\"\u003e\u003ccode\u003e7023faf\u003c/code\u003e\u003c/a\u003e [docs] Drop duplicated Key Features list from hf jobs CLI section (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4222\"\u003e#4222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/1f57da2ffb989f6ad991fa935a1695ff98a4e484\"\u003e\u003ccode\u003e1f57da2\u003c/code\u003e\u003c/a\u003e Only sync skill if SKILL.md has changed (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4210\"\u003e#4210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/9c05199c41e8a1dc20082a25af2d6927a4c21002\"\u003e\u003ccode\u003e9c05199\u003c/code\u003e\u003c/a\u003e Fix hint message to use 'hf skills update' (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/230c624a2aa8c61835b75574d45d446e0f9a6f07\"\u003e\u003ccode\u003e230c624\u003c/code\u003e\u003c/a\u003e [CLI] No traceback on LocalEntryNotFoundError (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4190\"\u003e#4190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/3d85543db77d91e3400b2d95d120e634ee31f4ec\"\u003e\u003ccode\u003e3d85543\u003c/code\u003e\u003c/a\u003e [CLI] Add \u003ccode\u003ehf skills list\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4180\"\u003e#4180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/04195e041bd4bfbb5c5c8f32308106ea6590cd97\"\u003e\u003ccode\u003e04195e0\u003c/code\u003e\u003c/a\u003e [CLI] Pretty-print \u003ccode\u003e--help\u003c/code\u003e with ANSI styling (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4192\"\u003e#4192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/0c75ef9205338d08e1c4531e8339be080f03820c\"\u003e\u003ccode\u003e0c75ef9\u003c/code\u003e\u003c/a\u003e [CLI] Check Homebrew registry for updates when installed via brew (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4204\"\u003e#4204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/huggingface_hub/compare/v1.14.0...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Xelanidog/LoiClair/pull/57","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xelanidog%2FLoiClair/issues/57","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/57/packages"},{"uuid":"4481937417","node_id":"PR_kwDOOx5pCM7dTHL-","number":175,"state":"open","title":"chore(deps): bump the pip group across 20 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T23:50:15.000Z","updated_at":"2026-05-19T23:51:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"certifi","old_version":"2022.12.7","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"cryptography","old_version":"36.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h11","old_version":"0.13.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.3","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"4.9.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pyopenssl","old_version":"22.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"requests","old_version":"2.27.1","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.63.0","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"1.26.19","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /examples/benchmarks/ADARNN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ADD directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ALSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GATs directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GRU directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/HIST directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/IGMTF directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/LSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Localformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/MLP directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/SFM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCTS directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/TFT directory: [tensorflow-gpu](https://github.com/tensorflow/tensorflow).\nBumps the pip group with 2 updates in the /examples/benchmarks/TRA directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TabNet directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Transformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks_dynamic/DDG-DA directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/hyperparameter/LightGBM directory: [lightgbm](https://github.com/microsoft/LightGBM).\nBumps the pip group with 9 updates in the /scripts/data_collector/br_index directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `46.0.7` |\n| [h11](https://github.com/python-hyper/h11) | `0.13.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.3` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `4.9.1` | `6.1.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.0.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.27.1` | `2.33.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.19` | `2.7.0` |\n\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/qlib/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fqlib/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"},{"uuid":"4476682648","node_id":"PR_kwDOR0tLLM7dB9Hg","number":59,"state":"open","title":"chore(deps): bump the python-non-major group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T10:45:11.000Z","updated_at":"2026-05-19T10:51:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-non-major","update_count":28,"packages":[{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"lxml","old_version":"6.0.4","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"ruff","old_version":"0.14.8","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"datamodel-code-generator","old_version":"0.45.0","new_version":"0.57.0","repository_url":"https://github.com/koxudaxi/datamodel-code-generator"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"presidio-analyzer","old_version":"2.2.361","new_version":"2.2.362","repository_url":"https://github.com/Microsoft/presidio"},{"name":"spacy","old_version":"3.8.11","new_version":"3.8.14","repository_url":"https://github.com/explosion/spaCy"},{"name":"torch","old_version":"2.10.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"onnxruntime","old_version":"1.24.2","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"datasketch","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/ekzhu/datasketch"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.5.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"datasets","old_version":"4.6.0","new_version":"4.8.5","repository_url":"https://github.com/huggingface/datasets"},{"name":"gliner2","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/fastino-ai/GLiNER2"},{"name":"chardet","old_version":"7.4.2","new_version":"7.4.3","repository_url":"https://github.com/chardet/chardet"},{"name":"docling","old_version":"2.93.0","new_version":"2.94.0","repository_url":"https://github.com/docling-project/docling"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pymysql","old_version":"1.1.2","new_version":"1.2.0","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"databricks-sql-connector","old_version":"4.2.5","new_version":"4.2.6","repository_url":"https://github.com/databricks/databricks-sql-python"},{"name":"snowflake-connector-python","old_version":"4.3.0","new_version":"4.5.0","repository_url":"https://github.com/snowflakedb/snowflake-connector-python"},{"name":"pymongo","old_version":"4.16.0","new_version":"4.17.0","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"boto3","old_version":"1.42.56","new_version":"1.43.10","repository_url":"https://github.com/boto/boto3"},{"name":"azure-storage-blob","old_version":"12.28.0","new_version":"12.29.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-identity","old_version":"1.25.2","new_version":"1.25.3","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"google-cloud-storage","old_version":"3.9.0","new_version":"3.10.1","repository_url":"https://github.com/googleapis/python-storage"},{"name":"opentelemetry-sdk","old_version":"1.41.0","new_version":"1.42.0","repository_url":"https://github.com/open-telemetry/opentelemetry-python"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-non-major group with 27 updates in the /apps/cli directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.4` | `6.1.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.8` | `0.15.13` |\n| [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) | `0.45.0` | `0.57.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [presidio-analyzer](https://github.com/Microsoft/presidio) | `2.2.361` | `2.2.362` |\n| [spacy](https://github.com/explosion/spaCy) | `3.8.11` | `3.8.14` |\n| [torch](https://github.com/pytorch/pytorch) | `2.10.0` | `2.12.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.24.2` | `1.26.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [datasketch](https://github.com/ekzhu/datasketch) | `1.9.0` | `1.10.0` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.5.0` |\n| [datasets](https://github.com/huggingface/datasets) | `4.6.0` | `4.8.5` |\n| [gliner2](https://github.com/fastino-ai/GLiNER2) | `1.3.0` | `1.3.1` |\n| [chardet](https://github.com/chardet/chardet) | `7.4.2` | `7.4.3` |\n| [docling](https://github.com/docling-project/docling) | `2.93.0` | `2.94.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.2` | `1.2.0` |\n| [databricks-sql-connector](https://github.com/databricks/databricks-sql-python) | `4.2.5` | `4.2.6` |\n| [snowflake-connector-python](https://github.com/snowflakedb/snowflake-connector-python) | `4.3.0` | `4.5.0` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.16.0` | `4.17.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.56` | `1.43.10` |\n| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.28.0` | `12.29.0` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` |\n| [google-cloud-storage](https://github.com/googleapis/python-storage) | `3.9.0` | `3.10.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.0` |\n\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.4 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.4...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.8 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.14.8...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `datamodel-code-generator` from 0.45.0 to 0.57.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases\"\u003edatamodel-code-generator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.57.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch3\u003eCode Generation Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e--use-default\u003c/code\u003e no longer makes required fields nullable - Previously, \u003ccode\u003e--use-default\u003c/code\u003e turned required fields into optional nullable fields (e.g., \u003ccode\u003estatus: str | None = 'active'\u003c/code\u003e). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., \u003ccode\u003estatus: str = 'active'\u003c/code\u003e). Users whose downstream code depends on these fields being \u003ccode\u003eOptional\u003c/code\u003e/nullable will need to update. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequired model-ref fields no longer render defaults without \u003ccode\u003e--use-default\u003c/code\u003e - Previously, required fields referencing models (e.g., \u003ccode\u003eshipping_address: Address\u003c/code\u003e) inconsistently rendered defaults with \u003ccode\u003evalidate_default=True\u003c/code\u003e while scalar required fields did not. Now all required fields consistently omit defaults unless \u003ccode\u003e--use-default\u003c/code\u003e is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Template Update Required\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuilt-in Jinja2 templates now use \u003ccode\u003efield.use_default_with_required\u003c/code\u003e - The built-in templates for \u003ccode\u003eBaseModel\u003c/code\u003e, \u003ccode\u003edataclass\u003c/code\u003e, \u003ccode\u003epydantic_v2/dataclass\u003c/code\u003e, and \u003ccode\u003emsgspec\u003c/code\u003e were updated to check \u003ccode\u003efield.use_default_with_required\u003c/code\u003e alongside \u003ccode\u003efield.required\u003c/code\u003e when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., \u003ccode\u003e{%- if not field.required %}\u003c/code\u003e) will still work but won't support the new \u003ccode\u003e--use-default\u003c/code\u003e behavior for required fields. To get the updated behavior, custom templates should change conditions like \u003ccode\u003enot field.required\u003c/code\u003e to \u003ccode\u003e(not field.required or field.use_default_with_required)\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden workflow credentials by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3095\"\u003ekoxudaxi/datamodel-code-generator#3095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release automation workflows by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3110\"\u003ekoxudaxi/datamodel-code-generator#3110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce shared assertions in e2e tests by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3108\"\u003ekoxudaxi/datamodel-code-generator#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docs preview required check by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3112\"\u003ekoxudaxi/datamodel-code-generator#3112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix required field default rendering and --use-default nullable types by \u003ca href=\"https://github.com/butvinm\"\u003e\u003ccode\u003e@​butvinm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3054\"\u003ekoxudaxi/datamodel-code-generator#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused CLI doc schema version lookup by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3113\"\u003ekoxudaxi/datamodel-code-generator#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix byte to binary type mapping by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3114\"\u003ekoxudaxi/datamodel-code-generator#3114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate generated docs sync PRs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3117\"\u003ekoxudaxi/datamodel-code-generator#3117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport local HTTP ref paths by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3116\"\u003ekoxudaxi/datamodel-code-generator#3116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reuse discriminator literals by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3115\"\u003ekoxudaxi/datamodel-code-generator#3115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocstrings that can be single line to be formatted on a single line by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3107\"\u003ekoxudaxi/datamodel-code-generator#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix indefinite hang on OpenAPI schemas with cyclic model dependencies by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3078\"\u003ekoxudaxi/datamodel-code-generator#3078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAPI enum literal alias regression test by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3124\"\u003ekoxudaxi/datamodel-code-generator#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pydantic model extra warnings by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3127\"\u003ekoxudaxi/datamodel-code-generator#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix snake case array discriminator by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3125\"\u003ekoxudaxi/datamodel-code-generator#3125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix serialization alias choices by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3126\"\u003ekoxudaxi/datamodel-code-generator#3126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix generated docs sync prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3129\"\u003ekoxudaxi/datamodel-code-generator#3129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd manual generated docs sync trigger by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3130\"\u003ekoxudaxi/datamodel-code-generator#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse source tree for generated prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3132\"\u003ekoxudaxi/datamodel-code-generator#3132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate enum member descriptions for anyOf const pattern by \u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md\"\u003edatamodel-code-generator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases/tag/0.57.0\"\u003e0.57.0\u003c/a\u003e - 2026-05-07\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch3\u003eCode Generation Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e--use-default\u003c/code\u003e no longer makes required fields nullable - Previously, \u003ccode\u003e--use-default\u003c/code\u003e turned required fields into optional nullable fields (e.g., \u003ccode\u003estatus: str | None = 'active'\u003c/code\u003e). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., \u003ccode\u003estatus: str = 'active'\u003c/code\u003e). Users whose downstream code depends on these fields being \u003ccode\u003eOptional\u003c/code\u003e/nullable will need to update. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequired model-ref fields no longer render defaults without \u003ccode\u003e--use-default\u003c/code\u003e - Previously, required fields referencing models (e.g., \u003ccode\u003eshipping_address: Address\u003c/code\u003e) inconsistently rendered defaults with \u003ccode\u003evalidate_default=True\u003c/code\u003e while scalar required fields did not. Now all required fields consistently omit defaults unless \u003ccode\u003e--use-default\u003c/code\u003e is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Template Update Required\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuilt-in Jinja2 templates now use \u003ccode\u003efield.use_default_with_required\u003c/code\u003e - The built-in templates for \u003ccode\u003eBaseModel\u003c/code\u003e, \u003ccode\u003edataclass\u003c/code\u003e, \u003ccode\u003epydantic_v2/dataclass\u003c/code\u003e, and \u003ccode\u003emsgspec\u003c/code\u003e were updated to check \u003ccode\u003efield.use_default_with_required\u003c/code\u003e alongside \u003ccode\u003efield.required\u003c/code\u003e when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., \u003ccode\u003e{%- if not field.required %}\u003c/code\u003e) will still work but won't support the new \u003ccode\u003e--use-default\u003c/code\u003e behavior for required fields. To get the updated behavior, custom templates should change conditions like \u003ccode\u003enot field.required\u003c/code\u003e to \u003ccode\u003e(not field.required or field.use_default_with_required)\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden workflow credentials by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3095\"\u003ekoxudaxi/datamodel-code-generator#3095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release automation workflows by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3110\"\u003ekoxudaxi/datamodel-code-generator#3110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce shared assertions in e2e tests by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3108\"\u003ekoxudaxi/datamodel-code-generator#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docs preview required check by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3112\"\u003ekoxudaxi/datamodel-code-generator#3112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix required field default rendering and --use-default nullable types by \u003ca href=\"https://github.com/butvinm\"\u003e\u003ccode\u003e@​butvinm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3054\"\u003ekoxudaxi/datamodel-code-generator#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused CLI doc schema version lookup by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3113\"\u003ekoxudaxi/datamodel-code-generator#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix byte to binary type mapping by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3114\"\u003ekoxudaxi/datamodel-code-generator#3114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate generated docs sync PRs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3117\"\u003ekoxudaxi/datamodel-code-generator#3117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport local HTTP ref paths by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3116\"\u003ekoxudaxi/datamodel-code-generator#3116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reuse discriminator literals by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3115\"\u003ekoxudaxi/datamodel-code-generator#3115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocstrings that can be single line to be formatted on a single line by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3107\"\u003ekoxudaxi/datamodel-code-generator#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix indefinite hang on OpenAPI schemas with cyclic model dependencies by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3078\"\u003ekoxudaxi/datamodel-code-generator#3078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAPI enum literal alias regression test by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3124\"\u003ekoxudaxi/datamodel-code-generator#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pydantic model extra warnings by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3127\"\u003ekoxudaxi/datamodel-code-generator#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix snake case array discriminator by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3125\"\u003ekoxudaxi/datamodel-code-generator#3125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix serialization alias choices by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3126\"\u003ekoxudaxi/datamodel-code-generator#3126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix generated docs sync prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3129\"\u003ekoxudaxi/datamodel-code-generator#3129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd manual generated docs sync trigger by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3130\"\u003ekoxudaxi/datamodel-code-generator#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse source tree for generated prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3132\"\u003ekoxudaxi/datamodel-code-generator#3132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate enum member descriptions for anyOf const pattern by \u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow generated prompt snapshot updates by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3134\"\u003ekoxudaxi/datamodel-code-generator#3134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWrite generated prompt snapshots directly by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3135\"\u003ekoxudaxi/datamodel-code-generator#3135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve tox python preference for generated docs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3136\"\u003ekoxudaxi/datamodel-code-generator#3136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSync generated docs by \u003ca href=\"https://github.com/dcg-generated-docs\"\u003e\u003ccode\u003e@​dcg-generated-docs\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3137\"\u003ekoxudaxi/datamodel-code-generator#3137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dcg-generated-docs\"\u003e\u003ccode\u003e@​dcg-generated-docs\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3137\"\u003ekoxudaxi/datamodel-code-generator#3137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/compare/0.56.1...0.57.0\"\u003ehttps://github.com/koxudaxi/datamodel-code-generator/compare/0.56.1...0.57.0\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases/tag/0.56.1\"\u003e0.56.1\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e--base-class-map\u003c/code\u003e and \u003ccode\u003e--enum-field-as-literal-map\u003c/code\u003e long inline json support by \u003ca href=\"https://github.com/ilovelinux\"\u003e\u003ccode\u003e@​ilovelinux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3075\"\u003ekoxudaxi/datamodel-code-generator#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/d0aa6ab9912603a5e8b7c78ff62a1893078542d4\"\u003e\u003ccode\u003ed0aa6ab\u003c/code\u003e\u003c/a\u003e docs: sync generated docs (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3137\"\u003e#3137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/7bd643f3dacdd9f09093bc06a61b0eef49319451\"\u003e\u003ccode\u003e7bd643f\u003c/code\u003e\u003c/a\u003e Preserve tox python preference for generated docs (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/64f218a5711dfde954e50eb6b50c47b254fd35b4\"\u003e\u003ccode\u003e64f218a\u003c/code\u003e\u003c/a\u003e Write generated prompt snapshots directly (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3135\"\u003e#3135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/a7d1e9c47a8603ffd7668264a4e8fe02553d0f90\"\u003e\u003ccode\u003ea7d1e9c\u003c/code\u003e\u003c/a\u003e Allow generated prompt snapshot updates (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3134\"\u003e#3134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/9210c193922c52949e288e8f68e195d56acd34b4\"\u003e\u003ccode\u003e9210c19\u003c/code\u003e\u003c/a\u003e Propagate enum member descriptions for anyOf const pattern (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3133\"\u003e#3133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/928ba552f4190f0b4c2390d135dcbbb6048ddfc3\"\u003e\u003ccode\u003e928ba55\u003c/code\u003e\u003c/a\u003e Use source tree for generated prompt snapshots (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3132\"\u003e#3132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/b59971413184e9151882cb0b5906acbf3b3f4df8\"\u003e\u003ccode\u003eb599714\u003c/code\u003e\u003c/a\u003e Add manual generated docs sync trigger (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3130\"\u003e#3130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/93f2bce292f82fde15fe7ad8d4e0eeb2c7fdbb12\"\u003e\u003ccode\u003e93f2bce\u003c/code\u003e\u003c/a\u003e Fix generated docs sync prompt snapshots (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3129\"\u003e#3129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/919f191f896af8bf62d7aafe9e19a98cf9a05efc\"\u003e\u003ccode\u003e919f191\u003c/code\u003e\u003c/a\u003e Fix serialization alias choices (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3126\"\u003e#3126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/90b0729b303be4246e4ce9babf825d0e4170b9f7\"\u003e\u003ccode\u003e90b0729\u003c/code\u003e\u003c/a\u003e Fix snake case array discriminator (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3125\"\u003e#3125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/compare/0.45.0...0.57.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `presidio-analyzer` from 2.2.361 to 2.2.362\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Microsoft/presidio/releases\"\u003epresidio-analyzer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 2.2.362\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - GPU Device Control via Environment Variable by \u003ca href=\"https://github.com/RonShakutai\"\u003e\u003ccode\u003e@​RonShakutai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1844\"\u003emicrosoft/presidio#1844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add HuggingFaceNerRecognizer for direct NER model inference by \u003ca href=\"https://github.com/ultramancode\"\u003e\u003ccode\u003e@​ultramancode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1834\"\u003emicrosoft/presidio#1834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Broken Links by \u003ca href=\"https://github.com/andyjessen\"\u003e\u003ccode\u003e@​andyjessen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1856\"\u003emicrosoft/presidio#1856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin dependencies to mitigate supply chain attacks by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1861\"\u003emicrosoft/presidio#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing CVE-2024-47874 and CVE-2025-54121 by \u003ca href=\"https://github.com/SharonHart\"\u003e\u003ccode\u003e@​SharonHart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1860\"\u003emicrosoft/presidio#1860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing CVE-2025-2953 and CVE-2025-3730 by \u003ca href=\"https://github.com/SharonHart\"\u003e\u003ccode\u003e@​SharonHart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1859\"\u003emicrosoft/presidio#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Fixed context enhancement substring matching bug  by \u003ca href=\"https://github.com/ravi-jindal\"\u003e\u003ccode\u003e@​ravi-jindal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1827\"\u003emicrosoft/presidio#1827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix _process_names unconditionally treating all metadata as PHI by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1855\"\u003emicrosoft/presidio#1855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add UK Postcode (UK_POSTCODE) recognizer by \u003ca href=\"https://github.com/tee-jagz\"\u003e\u003ccode\u003e@​tee-jagz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1858\"\u003emicrosoft/presidio#1858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin ruff and build pip installs by hash for OSSF scorecard compliance by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1864\"\u003emicrosoft/presidio#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd US NPI (National Provider Identifier) recognizer by \u003ca href=\"https://github.com/stevenelliottjr\"\u003e\u003ccode\u003e@​stevenelliottjr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1847\"\u003emicrosoft/presidio#1847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd transformer-based MedicalNERRecognizer for clinical entity detection by \u003ca href=\"https://github.com/stevenelliottjr\"\u003e\u003ccode\u003e@​stevenelliottjr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1853\"\u003emicrosoft/presidio#1853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add Nigeria recognizers (National Identity Number and Vehicle Registration) by \u003ca href=\"https://github.com/tee-jagz\"\u003e\u003ccode\u003e@​tee-jagz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1863\"\u003emicrosoft/presidio#1863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix validation_result type in api docs and type hint by \u003ca href=\"https://github.com/akios-ai\"\u003e\u003ccode\u003e@​akios-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1869\"\u003emicrosoft/presidio#1869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 6.0.0 to 6.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1879\"\u003emicrosoft/presidio#1879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 3.32.3 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1878\"\u003emicrosoft/presidio#1878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/dependency-review-action from 3.1.5 to 4.8.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1877\"\u003emicrosoft/presidio#1877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump microsoft/security-devops-action from 1.11.0 to 1.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1876\"\u003emicrosoft/presidio#1876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1875\"\u003emicrosoft/presidio#1875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump azure/login from 2.1.1 to 2.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1874\"\u003emicrosoft/presidio#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/setup-buildx-action from 3.7.1 to 3.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1873\"\u003emicrosoft/presidio#1873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4.2.0 to 5.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1872\"\u003emicrosoft...\n\n_Description has been truncated_","html_url":"https://github.com/classifyre-com/classifyre/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/classifyre-com%2Fclassifyre/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}],"issue_packages":[{"old_version":"5.3.0","new_version":"6.1.0","update_type":"major","path":null,"pr_created_at":"2026-05-28T22:52:45.000Z","version_change":"5.3.0 → 6.1.0","issue":{"uuid":"4544368049","node_id":"PR_kwDOQbHgbc7gb0Ms","number":6,"state":"closed","title":"chore(deps): bump the pip group across 9 directories with 18 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:52:45.000Z","updated_at":"2026-05-28T22:52:54.000Z","time_to_close":7,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":18,"packages":[{"name":"authlib","old_version":"1.5.2","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"dulwich","old_version":"0.22.8","new_version":"1.2.5","repository_url":"https://github.com/dulwich/dulwich"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-openai","old_version":"0.3.11","new_version":"1.1.14","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-text-splitters","old_version":"0.3.7","new_version":"1.1.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.3.19","new_version":"0.8.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"lxml","old_version":"5.3.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mem0ai","old_version":"0.1.88","new_version":"2.0.0b2","repository_url":"https://github.com/mem0ai/mem0"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pip","old_version":"24.2","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"poetry","old_version":"2.1.3","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"python-dotenv","old_version":"1.1.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"pytorch-lightning","old_version":"2.5.1.post0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 17 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.5.2` | `1.6.12` |\n| [dulwich](https://github.com/dulwich/dulwich) | `0.22.8` | `1.2.5` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `0.3.11` | `1.1.14` |\n| [langchain-text-splitters](https://github.com/langchain-ai/langchain) | `0.3.7` | `1.1.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.3.19` | `0.8.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.0` | `6.1.0` |\n| [mem0ai](https://github.com/mem0ai/mem0) | `0.1.88` | `2.0.0b2` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [pip](https://github.com/pypa/pip) | `24.2` | `26.1` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.1.3` | `2.3.4` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.5.1.post0` | `2.6.1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n\n\nUpdates `authlib` from 1.5.2 to 1.6.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.11...v1.6.12\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.10...v1.6.11\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF issue with starlette client\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.9...v1.6.10\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.8...v1.6.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in \u003ccode\u003ejose\u003c/code\u003e module\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.7...v1.6.8\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.6...v1.6.7\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/p\u003e\n\u003ch2\u003ev1.6.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ClientAuth): fix incorrect signature when Content-Type is x-www-form-urlencoded by \u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: Use \u003ccode\u003eexpires_in\u003c/code\u003e when \u003ccode\u003eexpires_at\u003c/code\u003e is unparsable by \u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eget_jwt_config\u003c/code\u003e takes a \u003ccode\u003eclient\u003c/code\u003e parameter. by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/844\"\u003eauthlib/authlib#844\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shc261392\"\u003e\u003ccode\u003e@​shc261392\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/778\"\u003eauthlib/authlib#778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bendavis78\"\u003e\u003ccode\u003e@​bendavis78\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/842\"\u003eauthlib/authlib#842\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\"\u003ehttps://github.com/authlib/authlib/compare/v1.6.5...v1.6.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003erequest\u003c/code\u003e param to RFC7591 \u003ccode\u003egenerate_client_info\u003c/code\u003e and \u003ccode\u003egenerate_client_secret\u003c/code\u003e methods by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/825\"\u003eauthlib/authlib#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support list params in prepare_grant_uri by \u003ca href=\"https://github.com/lisongmin\"\u003e\u003ccode\u003e@​lisongmin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/827\"\u003eauthlib/authlib#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/828\"\u003eauthlib/authlib#828\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/blob/1.6.12/docs/changelog.rst\"\u003eauthlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.6.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on may 4, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e\nin \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 16, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CSRF vulnerability in the Starlette OAuth client when a \u003ccode\u003ecache\u003c/code\u003e is\nconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Apr 13, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eUnsupportedResponseTypeError\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 2, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNot using header's \u003ccode\u003ejwk\u003c/code\u003e automatically.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eES256K\u003c/code\u003e into default jwt algorithms.\u003c/li\u003e\n\u003cli\u003eRemove deprecated algorithm from default registry.\u003c/li\u003e\n\u003cli\u003eGenerate random \u003ccode\u003ecek\u003c/code\u003e when \u003ccode\u003ecek\u003c/code\u003e length doesn't match.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 17, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eEdDSA\u003c/code\u003e to default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 6, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSet supported algorithms for the default \u003ccode\u003ejwt\u003c/code\u003e instance.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 1.6.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/e46e515b3a87ea63ab0606b248d75f69d83a2391\"\u003e\u003ccode\u003ee46e515\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9babc131e13b018a267ae78747cba7caa6dfb7d5\"\u003e\u003ccode\u003e9babc13\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on InvalidScopeError in OIDC grants\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/0dc0e5b4dc84f155319518a3732113af6fa47525\"\u003e\u003ccode\u003e0dc0e5b\u003c/code\u003e\u003c/a\u003e chore: bump to 1.6.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/aa7b8e46e00d0622658666476782042ac00153a5\"\u003e\u003ccode\u003eaa7b8e4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/401a7709c3fe43bce1b2105d16a475b688faa788\"\u003e\u003ccode\u003e401a770\u003c/code\u003e\u003c/a\u003e fix: CSRF issue with starlette client\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/ef09aebbba4439dedb22bd15777d1b3458b6f0ab\"\u003e\u003ccode\u003eef09aeb\u003c/code\u003e\u003c/a\u003e chore: release 1.6.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/3be08468201a7766a93012ce149ea12822cab096\"\u003e\u003ccode\u003e3be0846\u003c/code\u003e\u003c/a\u003e fix: redirecting to unvalidated redirect_uri on UnsupportedResponseTypeError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/9266eaa2227ad7e21dc731b2a4a01909aabd934b\"\u003e\u003ccode\u003e9266eaa\u003c/code\u003e\u003c/a\u003e chore: release 1.6.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b\"\u003e\u003ccode\u003eb9bb2b2\u003c/code\u003e\u003c/a\u003e fix(oidc): fail close at validating c_hash and at_hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/authlib/authlib/commit/1b0a1d988842bff7347c4ec0a70e45c3ba55504e\"\u003e\u003ccode\u003e1b0a1d9\u003c/code\u003e\u003c/a\u003e fix(jose): generate random cek when cek length doesn't match\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/authlib/authlib/compare/v1.5.2...1.6.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 0.22.8 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich 1.2.5\u003c/h2\u003e\n\u003cp\u003eThis is a security release. All users are encouraged to upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGHSA-gfhv-vqv2-4544\u003c/strong\u003e -- Validate submodule paths in \u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus \u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream repository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or any other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the submodule's tree contents to be written there with their executable bits intact. The dulwich analogue of git's CVE-2024-32002 / CVE-2024-32004. (Reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42305\u003c/strong\u003e -- Harden tree path validation against entry names that are harmless on POSIX but dangerous when checked out on Windows. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects Windows path separators, the alternate data stream marker \u003ccode\u003e:\u003c/code\u003e, NTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e, and reserved Windows device names. \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every platform, and both \u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their correct option names. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-42563\u003c/strong\u003e -- Shell-quote values substituted into \u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. A malicious branch could inject shell commands when a merge driver referencing \u003ccode\u003e%P\u003c/code\u003e was configured. (Reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCVE-2026-47712\u003c/strong\u003e -- Sanitize commit subjects used in \u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g. \u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e. (Reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ereceive.maxInputSize\u003c/strong\u003e -- Honour \u003ccode\u003ereceive.maxInputSize\u003c/code\u003e in \u003ccode\u003eReceivePackHandler\u003c/code\u003e. Previously a remote unauthenticated client could send a tiny crafted pack that declared a huge \u003ccode\u003edest_size\u003c/code\u003e and trigger hundreds of MB of allocation over \u003ccode\u003egit-receive-pack\u003c/code\u003e. (Reported by Liyi, Ziyue, Strick, Maurice and Chenchen @ University of Sydney)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003edulwich-1.2.4\u003c/h2\u003e\n\u003cp\u003eTolerate ref names with empty path components (e.g. `refs/tags//v1.0`) for now, emitting a `DeprecationWarning` rather than raising a `RefFormatError`. Such names are constructed by older Poetry releases (fixed in Poetry 2.4.0) and were silently accepted before Dulwich 1.2.3. `local_branch_name`, `local_tag_name` and `local_replace_name` likewise warn about, and strip, a leading slash instead of raising `ValueError`. Both will become errors again in a future release. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2192\"\u003e#2192\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.2.0\u003c/h2\u003e\n\u003ch2\u003eNotable changes since 1.1.0\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eam\u003c/code\u003e command and \u003ccode\u003eporcelain.am()\u003c/code\u003e for applying mailbox-style email patches (\u003ccode\u003egit am\u003c/code\u003e), with state persistence for \u003ccode\u003e--continue\u003c/code\u003e, \u003ccode\u003e--skip\u003c/code\u003e, \u003ccode\u003e--abort\u003c/code\u003e, and \u003ccode\u003e--quit\u003c/code\u003e recovery (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1692\"\u003e#1692\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply\u003c/code\u003e command and \u003ccode\u003eporcelain.apply_patch()\u003c/code\u003e for applying unified diffs, including rename/copy detection, binary patches with Git's base85 encoding, and \u003ccode\u003e--3way\u003c/code\u003e merge fallback (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1784\"\u003e#1784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eExpand \u003ccode\u003elog\u003c/code\u003e command options: \u003ccode\u003e--oneline\u003c/code\u003e, \u003ccode\u003e--abbrev-commit\u003c/code\u003e, \u003ccode\u003e--author\u003c/code\u003e, \u003ccode\u003e--committer\u003c/code\u003e, \u003ccode\u003e--grep\u003c/code\u003e, \u003ccode\u003e--since\u003c/code\u003e/\u003ccode\u003e--after\u003c/code\u003e, \u003ccode\u003e--until\u003c/code\u003e/\u003ccode\u003e--before\u003c/code\u003e, \u003ccode\u003e-n\u003c/code\u003e/\u003ccode\u003e--max-count\u003c/code\u003e, \u003ccode\u003e--no-merges\u003c/code\u003e, \u003ccode\u003e--merges\u003c/code\u003e, \u003ccode\u003e--stat\u003c/code\u003e, \u003ccode\u003e-p\u003c/code\u003e/\u003ccode\u003e--patch\u003c/code\u003e, \u003ccode\u003e--name-only\u003c/code\u003e, and \u003ccode\u003e--follow\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1779\"\u003e#1779\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for push options (\u003ccode\u003e-o\u003c/code\u003e/\u003ccode\u003e--push-option\u003c/code\u003e) in \u003ccode\u003epush\u003c/code\u003e, enabling AGit flow and other server-side push option workflows.\u003c/li\u003e\n\u003cli\u003eAdd missing push options: \u003ccode\u003e--all\u003c/code\u003e, \u003ccode\u003e--tags\u003c/code\u003e, \u003ccode\u003e--delete\u003c/code\u003e, \u003ccode\u003e--dry-run\u003c/code\u003e, \u003ccode\u003e--prune\u003c/code\u003e, \u003ccode\u003e--set-upstream\u003c/code\u003e, \u003ccode\u003e--follow-tags\u003c/code\u003e, and \u003ccode\u003e--mirror\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1844\"\u003e#1844\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for atomic push operations (\u003ccode\u003e--atomic\u003c/code\u003e): either all ref updates succeed or none are applied (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1781\"\u003e#1781\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eextensions.relativeworktrees\u003c/code\u003e repository extension, allowing worktrees to use relative paths (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2112\"\u003e#2112\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.5\t2026-05-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(GHSA-gfhv-vqv2-4544): Validate submodule paths in\n\u003ccode\u003eporcelain.submodule_update\u003c/code\u003e (and thus\n\u003ccode\u003eporcelain.clone(recurse_submodules=True)\u003c/code\u003e). A crafted upstream\nrepository could carry a submodule whose path was \u003ccode\u003e.git/hooks\u003c/code\u003e (or\nany other path inside \u003ccode\u003e.git\u003c/code\u003e or above the work tree), causing the\nsubmodule's tree contents to be written there with their executable\nbits intact -- dropping a hook that later commands would run. Submodule\npaths are now rejected if they are absolute or carry a component that\nthe configured path validator refuses, and the submodule's own tree is\nmaterialized with the same validator. This is the dulwich analogue of git's\nCVE-2024-32002 / CVE-2024-32004.\n(Jelmer Vernooij; reported by tonghuaroot)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-42305): Harden tree path validation against entry\nnames that are harmless on POSIX but dangerous when checked out on\nWindows. A crafted tree could previously carry such names through to\nthe work tree. \u003ccode\u003evalidate_path_element_ntfs\u003c/code\u003e now also rejects:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWindows path separators, so an entry named\n\u003ccode\u003e.git\\hooks\\pre-commit.exe\u003c/code\u003e can no longer materialize a file\ninside \u003ccode\u003e.git\u003c/code\u003e that Git for Windows would execute.\u003c/li\u003e\n\u003cli\u003eThe alternate data stream marker \u003ccode\u003e:\u003c/code\u003e (e.g.\n\u003ccode\u003e.git::$INDEX_ALLOCATION\u003c/code\u003e, which writes into \u003ccode\u003e.git\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003eNTFS 8.3 short-name aliases of \u003ccode\u003e.git\u003c/code\u003e (\u003ccode\u003egit~\u0026lt;digits\u0026gt;\u003c/code\u003e); only\n\u003ccode\u003egit~1\u003c/code\u003e was rejected before.\u003c/li\u003e\n\u003cli\u003eReserved Windows device names (\u003ccode\u003eCON\u003c/code\u003e, \u003ccode\u003ePRN\u003c/code\u003e, \u003ccode\u003eAUX\u003c/code\u003e, \u003ccode\u003eNUL\u003c/code\u003e,\n\u003ccode\u003eCOM1\u003c/code\u003e-\u003ccode\u003eCOM9\u003c/code\u003e, \u003ccode\u003eLPT1\u003c/code\u003e-\u003ccode\u003eLPT9\u003c/code\u003e), including with an extension or\ntrailing dots/spaces such as \u003ccode\u003eNUL.txt\u003c/code\u003e or \u003ccode\u003eCOM1 .bar\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIn addition, \u003ccode\u003ecore.protectNTFS\u003c/code\u003e now defaults to true on every\nplatform (matching git after CVE-2019-1353), so a POSIX clone no longer\naccepts paths that would be unsafe on a later Windows clone, and both\n\u003ccode\u003ecore.protectNTFS\u003c/code\u003e and \u003ccode\u003ecore.protectHFS\u003c/code\u003e are now read under their\ncorrect option names, having previously been silently ignored. POSIX\nusers who need literal NTFS-unsafe filenames can opt out with\n\u003ccode\u003ecore.protectNTFS=false\u003c/code\u003e.\n(Jelmer Vernooij; reported by Christopher Toth)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY (CVE-2026-42563): Shell-quote values substituted into\n\u003ccode\u003eProcessMergeDriver\u003c/code\u003e commands. \u003ccode\u003e%P\u003c/code\u003e is a path from the git\ntree, so a malicious branch could inject shell commands when the\nuser had a merge driver configured that referenced \u003ccode\u003e%P\u003c/code\u003e.\n(Jelmer Vernooij; reported by Ravishanker Kusuma (hayageek))\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSECURITY(CVE-2026-47712): Sanitize commit subjects used in\n\u003ccode\u003eporcelain.format_patch\u003c/code\u003e filenames so a malicious subject (e.g.\n\u003ccode\u003ex/../../x\u003c/code\u003e) cannot direct the generated patch outside \u003ccode\u003eoutdir\u003c/code\u003e.\n\u003ccode\u003eget_summary\u003c/code\u003e now matches git's \u003ccode\u003eformat_sanitized_subject\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/073f4dfa9840af2da59887ed828b026b609faa6c\"\u003e\u003ccode\u003e073f4df\u003c/code\u003e\u003c/a\u003e Release 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/5f85d3e4b0d47dd7fbf37934f9a4b9b6b98bb467\"\u003e\u003ccode\u003e5f85d3e\u003c/code\u003e\u003c/a\u003e tests: fix Windows-only failures in NTFS and merge-driver tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/25313ad7f9d5036b03617dc3dfc284a586966dab\"\u003e\u003ccode\u003e25313ad\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-5'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421\"\u003e\u003ccode\u003e1ca1814\u003c/code\u003e\u003c/a\u003e submodule: Reject unsafe submodule paths in submodule_update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/3559ef15c1e2a8d2a56c98f36b53b29c5d60b9fd\"\u003e\u003ccode\u003e3559ef1\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-4'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/f860ca489d63624ae6d7c7945fbbd19018b8125c\"\u003e\u003ccode\u003ef860ca4\u003c/code\u003e\u003c/a\u003e server: Honour receive.maxInputSize to bound received packs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0fd6e6bb61f8017b1af4b5fdbf7602ddbcf6d17e\"\u003e\u003ccode\u003e0fd6e6b\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0110b885a1ab5b2128473263a6ff5b7230732e49\"\u003e\u003ccode\u003e0110b88\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-2'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290\"\u003e\u003ccode\u003e49eb56e\u003c/code\u003e\u003c/a\u003e Add NEWS entry for CVE-2026-42305\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9\"\u003e\u003ccode\u003e57efc4a\u003c/code\u003e\u003c/a\u003e Merge branch 'advisory-1'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-0.22.8...dulwich-1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 0.3.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.1.14\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.13\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\nfix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36795\"\u003e#36795\u003c/a\u003e)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36777\"\u003e#36777\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.13\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.12\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.1.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36729\"\u003e#36729\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36539\"\u003e#36539\u003c/a\u003e)\nchore(openai): fix broken vcr cassette playback and add ci guard (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36502\"\u003e#36502\u003c/a\u003e)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36500\"\u003e#36500\u003c/a\u003e)\nfix(core): fixed typos in the documentation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36459\"\u003e#36459\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36455\"\u003e#36455\u003c/a\u003e)\nfeat(core): impute placeholder filenames for OpenAI file inputs (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36433\"\u003e#36433\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36368\"\u003e#36368\u003c/a\u003e)\nfix(openai): update computer call test (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36352\"\u003e#36352\u003c/a\u003e)\nfix(openai): let user-provided User-Agent override the Azure default (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35523\"\u003e#35523\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36248\"\u003e#36248\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.12\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.11\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36180\"\u003e#36180\u003c/a\u003e)\nrelease(openai): 1.1.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36178\"\u003e#36178\u003c/a\u003e)\nfix(core,model-profiles): add missing \u003ccode\u003eModelProfile\u003c/code\u003e fields, warn on schema drift (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36129\"\u003e#36129\u003c/a\u003e)\nfix(openai): support phase parameter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36161\"\u003e#36161\u003c/a\u003e)\nfix(openai): preserve namespace field in streaming function_call chunks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36108\"\u003e#36108\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36039\"\u003e#36039\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35860\"\u003e#35860\u003c/a\u003e)\nfix(openai): add type: message to Responses API input items (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35693\"\u003e#35693\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nfeat(model-profiles): new fields + \u003ccode\u003eMakefile\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35788\"\u003e#35788\u003c/a\u003e)\nfix(openai): close PIL Image handles in token counting to prevent fd leak (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35742\"\u003e#35742\u003c/a\u003e)\nfix(openai): typo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35763\"\u003e#35763\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35754\"\u003e#35754\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.1.11\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.1.10\u003c/p\u003e\n\u003cp\u003efix(openai): bump min core version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35705\"\u003e#35705\u003c/a\u003e)\nrelease(openai): 1.1.11 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35703\"\u003e#35703\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a06c205738cf5953e28c37287ddb1559d67c01f6\"\u003e\u003ccode\u003ea06c205\u003c/code\u003e\u003c/a\u003e ci(infra): validate issue checkboxes by section (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36811\"\u003e#36811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/aa33b06deb0d65489ce254b48a8aaf8a86304c18\"\u003e\u003ccode\u003eaa33b06\u003c/code\u003e\u003c/a\u003e fix(langchain-classic): suppress mypy errors in compat code (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36806\"\u003e#36806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==0.3.11...langchain-openai==1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.7 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.7...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.3.19 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(js,py): JS 0.6.0, Py 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2831\"\u003elangchain-ai/langsmith-sdk#2831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(js): 0.6.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2832\"\u003elangchain-ai/langsmith-sdk#2832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(py): 0.8.0 by \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2833\"\u003elangchain-ai/langsmith-sdk#2833\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8.0\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.7.38...v0.8...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Qwen3-RailroadEngineer1959-RL/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FQwen3-RailroadEngineer1959-RL/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-28T20:56:21.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4543760423","node_id":"PR_kwDOSqs-LM7gZ0sS","number":5,"state":"open","title":"chore(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python:uv","dependabot-approved"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T20:56:21.000Z","updated_at":"2026-05-31T04:50:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/TechMatrix-labs/pythinker-code/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/TechMatrix-labs%2Fpythinker-code/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-28T10:05:33.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4539525071","node_id":"PR_kwDOSqM5uM7gL4Bz","number":6,"state":"closed","title":"[upd] pypi: Bump the minor group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T00:51:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T10:05:33.000Z","updated_at":"2026-05-30T00:51:31.000Z","time_to_close":139556,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"[upd] pypi: Bump","group_name":"minor","update_count":5,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"httpx-socks","old_version":"0.10.0","new_version":"0.11.0","repository_url":"https://github.com/romis2012/httpx-socks"},{"name":"typer","old_version":"0.25.1","new_version":"0.26.2","repository_url":"https://github.com/fastapi/typer"},{"name":"basedpyright","old_version":"1.39.4","new_version":"1.39.6","repository_url":"https://github.com/detachhead/basedpyright"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [httpx-socks](https://github.com/romis2012/httpx-socks) | `0.10.0` | `0.11.0` |\n| [typer](https://github.com/fastapi/typer) | `0.25.1` | `0.26.2` |\n| [basedpyright](https://github.com/detachhead/basedpyright) | `1.39.4` | `1.39.6` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httpx-socks` from 0.10.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/ae0df29274f3b7018ee30b982a878921667c6511\"\u003e\u003ccode\u003eae0df29\u003c/code\u003e\u003c/a\u003e Delete setup.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/4e372f0895438f8034dbc9cb2637dc4e121bd69f\"\u003e\u003ccode\u003e4e372f0\u003c/code\u003e\u003c/a\u003e Move project metadata to pyproject.toml, other fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romis2012/httpx-socks/commit/07bac473517a6265e490eb53abcbbe59b5794fd3\"\u003e\u003ccode\u003e07bac47\u003c/code\u003e\u003c/a\u003e Fix http2 issue (\u003ca href=\"https://redirect.github.com/romis2012/httpx-socks/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/romis2012/httpx-socks/compare/v0.10.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typer` from 0.25.1 to 0.26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1791\"\u003e#1791\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1788\"\u003e#1788\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1714\"\u003e#1714\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e➖ Vendor Click and streamline Typer's functionality and code base. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1774\"\u003e#1774\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eTyper no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.\u003c/li\u003e\n\u003cli\u003eThis simplifies the work done by both Click and Typer teams.\u003c/li\u003e\n\u003cli\u003eIt allows Typer to evolve independently, and enables several new planned features.\u003c/li\u003e\n\u003cli\u003eIt will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.\u003c/li\u003e\n\u003cli\u003eThis also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.\u003c/li\u003e\n\u003cli\u003eYou can read more about it in the docs for \u003ca href=\"https://typer.tiangolo.com/tutorial/click/\"\u003eVendored Click\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1778\"\u003e#1778\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update contributing docs, reference central docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1777\"\u003e#1777\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1775\"\u003e#1775\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update link syntax to minimal Markdown. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1623\"\u003e#1623\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify usage of admonitions. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1755\"\u003e#1755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📌 Pin max version of Click to \u003ccode\u003e\u0026gt;= 8.2.1, \u0026lt; 8.4\u003c/code\u003e temporarily to prevent incompatibilities. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1753\"\u003e#1753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eSuperseded by vendoring Click.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e👷 Configure Dependabot to group updates and update weekly. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1768\"\u003e#1768\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1780\"\u003e#1780\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1771\"\u003e#1771\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1772\"\u003e#1772\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix categorization of PR 1475 in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1769\"\u003e#1769\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Add Fish shell completion tests for colon options. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1475\"\u003e#1475\u003c/a\u003e by \u003ca href=\"https://github.com/Mohamed-Elwasila\"\u003e\u003ccode\u003e@​Mohamed-Elwasila\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Extend completion unit tests for zsh, powershell and pwsh. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1767\"\u003e#1767\u003c/a\u003e by \u003ca href=\"https://github.com/ADiTyaRaj8969\"\u003e\u003ccode\u003e@​ADiTyaRaj8969\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1746\"\u003e#1746\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Fix GitHub link in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1754\"\u003e#1754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Migrate to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1470\"\u003e#1470\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1741\"\u003e#1741\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Remove unnecessary Ruff rule. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1752\"\u003e#1752\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1705\"\u003e#1705\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.2 (2026-05-27)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1791\"\u003e#1791\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.1 (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1788\"\u003e#1788\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1714\"\u003e#1714\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0 (2026-05-26)\u003c/h2\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e➖ Vendor Click and streamline Typer's functionality and code base. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1774\"\u003e#1774\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eTyper no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.\u003c/li\u003e\n\u003cli\u003eThis simplifies the work done by both Click and Typer teams.\u003c/li\u003e\n\u003cli\u003eIt allows Typer to evolve independently, and enables several new planned features.\u003c/li\u003e\n\u003cli\u003eIt will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.\u003c/li\u003e\n\u003cli\u003eThis also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.\u003c/li\u003e\n\u003cli\u003eYou can read more about it in the docs for \u003ca href=\"https://typer.tiangolo.com/tutorial/click/\"\u003eVendored Click\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1778\"\u003e#1778\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update contributing docs, reference central docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1777\"\u003e#1777\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1775\"\u003e#1775\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update link syntax to minimal Markdown. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1623\"\u003e#1623\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify usage of admonitions. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1755\"\u003e#1755\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📌 Pin max version of Click to \u003ccode\u003e\u0026gt;= 8.2.1, \u0026lt; 8.4\u003c/code\u003e temporarily to prevent incompatibilities. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1753\"\u003e#1753\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003eSuperseded by vendoring Click.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e👷 Configure Dependabot to group updates and update weekly. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1768\"\u003e#1768\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1780\"\u003e#1780\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1771\"\u003e#1771\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.21.2 to 10.21.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1772\"\u003e#1772\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix categorization of PR 1475 in release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1769\"\u003e#1769\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Add Fish shell completion tests for colon options. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1475\"\u003e#1475\u003c/a\u003e by \u003ca href=\"https://github.com/Mohamed-Elwasila\"\u003e\u003ccode\u003e@​Mohamed-Elwasila\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✅ Extend completion unit tests for zsh, powershell and pwsh. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1767\"\u003e#1767\u003c/a\u003e by \u003ca href=\"https://github.com/ADiTyaRaj8969\"\u003e\u003ccode\u003e@​ADiTyaRaj8969\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/github-script from 7.1.0 to 9.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1746\"\u003e#1746\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Fix GitHub link in docs. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1754\"\u003e#1754\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Migrate to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1470\"\u003e#1470\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/eef433fcf337734f51ac68a77a82748adfacaa85\"\u003e\u003ccode\u003eeef433f\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.26.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/23474b03bca44ace3c0f7459653b2433626de74e\"\u003e\u003ccode\u003e23474b0\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5568bab22f9de34dbcd25e02a566505a11349d35\"\u003e\u003ccode\u003e5568bab\u003c/code\u003e\u003c/a\u003e 🐛 Ensure that an envvar set for a \u003ccode\u003etyper.Option\u003c/code\u003e list is split on whitespace ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/8c70d4987284a37ca6c418297af0210dc01ed5ac\"\u003e\u003ccode\u003e8c70d49\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.26.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/75ee9272b048a2843cd7acddb8f0cc39b8140e4a\"\u003e\u003ccode\u003e75ee927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/30288540dde2b68d820c450ea0452747be632a84\"\u003e\u003ccode\u003e3028854\u003c/code\u003e\u003c/a\u003e 🐛 Ensure that an envvar set for \u003ccode\u003etyper.Option\u003c/code\u003e works as expected (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1788\"\u003e#1788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959a356fec72cedcfd4ee3f84790789f8e961989\"\u003e\u003ccode\u003e959a356\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a79de202db26ae32d00674ba246b59864e2f89c1\"\u003e\u003ccode\u003ea79de20\u003c/code\u003e\u003c/a\u003e ⬆ Bump python-dotenv from 1.2.1 to 1.2.2 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1714\"\u003e#1714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/8f44149ca511ebd26fcaf36c4712e7d8a8004a4d\"\u003e\u003ccode\u003e8f44149\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/d88415fc1d20adcb73f44961f6ae8cff156df016\"\u003e\u003ccode\u003ed88415f\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.25.1...0.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basedpyright` from 1.39.4 to 1.39.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/ad82d91ce241116737e65e660c5420dd0366f405\"\u003e\u003ccode\u003ead82d91\u003c/code\u003e\u003c/a\u003e 1.39.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/cf60738b8dbbcc89f02d097a2dfa6e91c540bd86\"\u003e\u003ccode\u003ecf60738\u003c/code\u003e\u003c/a\u003e fix vscode config for formatting markdown files now that we use two formatter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/29e303a1b0b5f401f21c28fe3ea7da4b9db09e35\"\u003e\u003ccode\u003e29e303a\u003c/code\u003e\u003c/a\u003e print stderr from npm commands when build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f133f3d6b9a4ef3cf2d53a929a053875e1effbe4\"\u003e\u003ccode\u003ef133f3d\u003c/code\u003e\u003c/a\u003e uncomment some test code which started causing a test to fail. no idea why i ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/f71e96bfe63f0833f3d169cf0df9208a7734929f\"\u003e\u003ccode\u003ef71e96b\u003c/code\u003e\u003c/a\u003e remove python 3.9 check from \u003ccode\u003eTypeAlias4\u003c/code\u003e test because typeshed has dropped s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/e4c40b76f5cb70a44825aa65da7fdaa3f32b4f85\"\u003e\u003ccode\u003ee4c40b7\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/d7c522bc2a8b105d206b5efce0d6dd4e2610b917\"\u003e\u003ccode\u003ed7c522b\u003c/code\u003e\u003c/a\u003e ruff ignore new \u003ccode\u003ebenchmarkData\u003c/code\u003e files from upstream\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/a7cf33dce12ce64f8fb2fecf039c4422c232784a\"\u003e\u003ccode\u003ea7cf33d\u003c/code\u003e\u003c/a\u003e fix eslint in vscode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/14c96beec311ff57bb3ef416ac86f886648b1adb\"\u003e\u003ccode\u003e14c96be\u003c/code\u003e\u003c/a\u003e fix logic for reporting invalid \u003ccode\u003epythonPlatform\u003c/code\u003e detected by the new eslint v...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/DetachHead/basedpyright/commit/280802ce1b2bdbaf78a880b94355ebf702241ca9\"\u003e\u003ccode\u003e280802c\u003c/code\u003e\u003c/a\u003e remove remnants of webpack\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/detachhead/basedpyright/compare/v1.39.4...v1.39.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Amanzuu/Search-Engine-Project/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Amanzuu%2FSearch-Engine-Project/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-27T00:53:06.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4528571642","node_id":"PR_kwDOC8BTjM7foTQH","number":20949,"state":"open","title":"build(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python","Changed"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-27T00:53:06.000Z","updated_at":"2026-05-27T03:14:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- CURSOR_SUMMARY --\u003e\n---\n\n\u003e [!NOTE]\n\u003e **Low Risk**\n\u003e Lockfile-only patch bump of an optional dev dependency with no production code changes; verify CI/dev installs still resolve correctly.\n\u003e \n\u003e **Overview**\n\u003e Bumps the optional **dev** dependency **`lxml`** from **6.1.0** to **6.1.1** by raising the floor in `pyproject.toml` (`\u003e=6.1.1`) and refreshing **`poetry.lock`** (package version, wheel artifact hashes, and lock `content-hash`).\n\u003e \n\u003e No application or test source changes—only dependency resolution. **`lxml`** remains tied to the `dev` extra and is used in-repo for JUnit XML parsing (`lxml.etree` in `chia/_tests/process_junit.py`), not runtime node/wallet code.\n\u003e \n\u003e \u003csup\u003eReviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 20feb6eaf2b40e6d6a554e9d40874d215c4b200b. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).\u003c/sup\u003e\n\u003c!-- /CURSOR_SUMMARY --\u003e","html_url":"https://github.com/Chia-Network/chia-blockchain/pull/20949","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chia-Network%2Fchia-blockchain/issues/20949","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20949/packages"}},{"old_version":"6.0.0","new_version":"6.1.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T03:09:58.000Z","version_change":"6.0.0 → 6.1.0","issue":{"uuid":"4521014144","node_id":"PR_kwDOOCoWus7fPvj8","number":1,"state":"open","title":"Bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T03:09:58.000Z","updated_at":"2026-05-26T03:11:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":4,"packages":[{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"langchain-core","old_version":"1.3.0","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"lxml","old_version":"6.0.0","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the / directory: [idna](https://github.com/kjd/idna), [langchain-core](https://github.com/langchain-ai/langchain), [lxml](https://github.com/lxml/lxml) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.3.0 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.3.0...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.0 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.0...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/ollama-deep-researcher/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n🔄 This PR updates four Python dependencies (idna, langchain-core, lxml, urllib3) in the uv dependency group to their latest versions. The updates include important security fixes, particularly for lxml and urllib3, along with bug fixes and feature improvements across all packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **idna**: Updated from 3.10 to 3.15 with security fixes for CVE-2026-45409 and CVE-2026-45409, addressing quadratic time processing vulnerabilities\n- **langchain-core**: Updated from 1.3.0 to 1.3.3 with security hardening for `load()` function against untrusted manifests and improved tool handling\n- **lxml**: Updated from 6.0.0 to 6.1.0 fixing XXE vulnerability (CVE-2026-41066) in `iterparse()` and `ETCompatXMLParser`\n- **urllib3**: Updated from 2.6.3 to 2.7.0 addressing decompression-bomb bypass vulnerabilities and proxy header stripping issues\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Security Patches]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Bug Fixes]\n    C --\u003e F[idna: CVE fixes]\n    C --\u003e G[lxml: XXE protection]\n    C --\u003e H[urllib3: Decompression safeguards]\n    D --\u003e I[langchain-core: Tool improvements]\n    E --\u003e J[Various stability fixes]\n    F --\u003e K[Updated Dependencies]\n    G --\u003e K\n    H --\u003e K\n    I --\u003e K\n    J --\u003e K\n```\n\n### Impact\n- **Security Enhancement**: Critical vulnerabilities patched in idna, lxml, and urllib3 protecting against XXE attacks, quadratic time processing, and decompression bombs\n- **Stability Improvement**: Bug fixes across all packages improve reliability, particularly in HTTP response handling and XML parsing\n- **Feature Addition**: New capabilities like configurable chunk sizes in lxml and improved tool handling in langchain-core enhance functionality\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/ollama-deep-researcher/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Follama-deep-researcher/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"\u003c7.0.0,\u003e=6.0.2","new_version":"\u003e=6.1.1,\u003c7.0.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T00:19:40.000Z","version_change":"\u003c7.0.0,\u003e=6.0.2 → \u003e=6.1.1,\u003c7.0.0","issue":{"uuid":"4520297200","node_id":"PR_kwDOSnyNFs7fNaBQ","number":1,"state":"open","title":"deps(deps): update lxml requirement from \u003c7.0.0,\u003e=6.0.2 to \u003e=6.1.1,\u003c7.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:19:40.000Z","updated_at":"2026-05-26T00:19:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): update","packages":[{"name":"lxml","old_version":"\u003c7.0.0,\u003e=6.0.2","new_version":"\u003e=6.1.1,\u003c7.0.0","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/graham-a11y/Claude-seo/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/graham-a11y%2FClaude-seo/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T23:06:33.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4520006161","node_id":"PR_kwDOO9zzg87fMc_W","number":116,"state":"open","title":"chore(deps): bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T23:06:33.000Z","updated_at":"2026-05-25T23:06:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=uv\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Brain-Modulation-Lab/DBSAnnotator/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Brain-Modulation-Lab%2FDBSAnnotator/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"}},{"old_version":"\u003e=4.9.0","new_version":"\u003e=6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T13:46:24.000Z","version_change":"\u003e=4.9.0 → \u003e=6.1.1","issue":{"uuid":"4517355771","node_id":"PR_kwDOQvQ14c7fD58u","number":26,"state":"open","title":"deps(deps): update lxml requirement from \u003e=4.9.0 to \u003e=6.1.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T13:46:24.000Z","updated_at":"2026-05-25T13:46:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps): update","packages":[{"name":"lxml","old_version":"\u003e=4.9.0","new_version":"\u003e=6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [lxml](https://github.com/lxml/lxml) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-4.9.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/acuhlmann/hackersbot/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/acuhlmann%2Fhackersbot/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T04:41:50.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4514318366","node_id":"PR_kwDOERpozs7e6EfY","number":1059,"state":"open","title":"Deps: Bump the python-packages group with 27 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T04:41:50.000Z","updated_at":"2026-05-25T04:43:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":27,"packages":[{"name":"django","old_version":"4.2.30","new_version":"5.2.14","repository_url":"https://github.com/django/django"},{"name":"djangorestframework","old_version":"3.16.1","new_version":"3.17.1","repository_url":"https://github.com/encode/django-rest-framework"},{"name":"weasyprint","old_version":"66.0","new_version":"68.1","repository_url":"https://github.com/Kozea/WeasyPrint"},{"name":"pylint","old_version":"3.3.9","new_version":"4.0.5","repository_url":"https://github.com/pylint-dev/pylint"},{"name":"pytest","old_version":"8.4.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-django","old_version":"4.11.1","new_version":"4.12.0","repository_url":"https://github.com/pytest-dev/pytest-django"},{"name":"pytest-env","old_version":"1.1.5","new_version":"1.6.0","repository_url":"https://github.com/pytest-dev/pytest-env"},{"name":"pontos","old_version":"26.2.0","new_version":"26.5.0","repository_url":"https://github.com/greenbone/pontos"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"astroid","old_version":"3.3.11","new_version":"4.0.4","repository_url":"https://github.com/pylint-dev/astroid"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"coverage","old_version":"7.10.7","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"cssselect2","old_version":"0.8.0","new_version":"0.9.0","repository_url":"https://github.com/Kozea/cssselect2"},{"name":"fonttools","old_version":"4.60.2","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"iniconfig","old_version":"2.1.0","new_version":"2.3.0","repository_url":"https://github.com/pytest-dev/iniconfig"},{"name":"isort","old_version":"6.1.0","new_version":"8.0.1","repository_url":"https://github.com/PyCQA/isort"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"markdown-it-py","old_version":"3.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"platformdirs","old_version":"4.4.0","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pycparser","old_version":"2.23","new_version":"3.0","repository_url":"https://github.com/eliben/pycparser"},{"name":"pydyf","old_version":"0.11.0","new_version":"0.12.1","repository_url":"https://github.com/CourtBouillon/pydyf"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"tinycss2","old_version":"1.4.0","new_version":"1.5.1","repository_url":"https://github.com/Kozea/tinycss2"},{"name":"tinyhtml5","old_version":"2.0.0","new_version":"2.1.0","repository_url":"https://github.com/CourtBouillon/tinyhtml5"},{"name":"zopfli","old_version":"0.2.3.post1","new_version":"0.4.1","repository_url":"https://github.com/fonttools/py-zopfli"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 27 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [django](https://github.com/django/django) | `4.2.30` | `5.2.14` |\n| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.1` | `3.17.1` |\n| [weasyprint](https://github.com/Kozea/WeasyPrint) | `66.0` | `68.1` |\n| [pylint](https://github.com/pylint-dev/pylint) | `3.3.9` | `4.0.5` |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.4.2` | `9.0.3` |\n| [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.11.1` | `4.12.0` |\n| [pytest-env](https://github.com/pytest-dev/pytest-env) | `1.1.5` | `1.6.0` |\n| [pontos](https://github.com/greenbone/pontos) | `26.2.0` | `26.5.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [astroid](https://github.com/pylint-dev/astroid) | `3.3.11` | `4.0.4` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.10.7` | `7.14.0` |\n| [cssselect2](https://github.com/Kozea/cssselect2) | `0.8.0` | `0.9.0` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.60.2` | `4.63.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [iniconfig](https://github.com/pytest-dev/iniconfig) | `2.1.0` | `2.3.0` |\n| [isort](https://github.com/PyCQA/isort) | `6.1.0` | `8.0.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `3.0.0` | `4.2.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.4.0` | `4.9.6` |\n| [pycparser](https://github.com/eliben/pycparser) | `2.23` | `3.0` |\n| [pydyf](https://github.com/CourtBouillon/pydyf) | `0.11.0` | `0.12.1` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [tinycss2](https://github.com/Kozea/tinycss2) | `1.4.0` | `1.5.1` |\n| [tinyhtml5](https://github.com/CourtBouillon/tinyhtml5) | `2.0.0` | `2.1.0` |\n| [zopfli](https://github.com/fonttools/py-zopfli) | `0.2.3.post1` | `0.4.1` |\n\nUpdates `django` from 4.2.30 to 5.2.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/024c26b1e77ea5b1b158265167ade47927a64c06\"\u003e\u003ccode\u003e024c26b\u003c/code\u003e\u003c/a\u003e [5.2.x] Bumped version for 5.2.14 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/2115d4eaee15107f5cd290d7cfcc5ffe3ad43661\"\u003e\u003ccode\u003e2115d4e\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/47cf968c125e3fab317e10fe150ec479e745f995\"\u003e\u003ccode\u003e47cf968\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/2ec27eda3ba6c14f0856e6e3eb1df07c41fd95e6\"\u003e\u003ccode\u003e2ec27ed\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ed18840c8cd1be81fdb3955cbfc9459989d6df68\"\u003e\u003ccode\u003eed18840\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/de3f622b7fa72aee68650f15263f2788b626680a\"\u003e\u003ccode\u003ede3f622\u003c/code\u003e\u003c/a\u003e [5.2.x] Added stub release notes and release date for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/fb61c8a6e902abc885048a1a78592a4bd4329f87\"\u003e\u003ccode\u003efb61c8a\u003c/code\u003e\u003c/a\u003e [5.2.x] Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/bd1a7583061a96059ea560eb7b59bebce4240778\"\u003e\u003ccode\u003ebd1a758\u003c/code\u003e\u003c/a\u003e [5.2.x] Fixed two issues in release helper scripts/verify_release.sh.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/da57aaad76e674fdb01b741974acf229d3ac4132\"\u003e\u003ccode\u003eda57aaa\u003c/code\u003e\u003c/a\u003e [5.2.x] Added CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, an...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/c9a8bdbc4839a442b1a0453bd8ed38def4776139\"\u003e\u003ccode\u003ec9a8bdb\u003c/code\u003e\u003c/a\u003e [5.2.x] Post-release version bump.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/4.2.30...5.2.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `djangorestframework` from 3.16.1 to 3.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/django-rest-framework/releases\"\u003edjangorestframework's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9928\"\u003eencode/django-rest-framework#9928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\"\u003ehttps://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 by \u003ca href=\"https://github.com/auvipy\"\u003e\u003ccode\u003e@​auvipy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9781\"\u003eencode/django-rest-framework#9781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop deprecated coreapi support by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9895\"\u003eencode/django-rest-framework#9895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to specify output format for \u003ccode\u003eDurationField\u003c/code\u003e by \u003ca href=\"https://github.com/sevdog\"\u003e\u003ccode\u003e@​sevdog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/8532\"\u003eencode/django-rest-framework#8532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing decorators: \u003ccode\u003e@versioning_class()\u003c/code\u003e, \u003ccode\u003e@content_negotiation_class()\u003c/code\u003e, \u003ccode\u003e@metadata_class()\u003c/code\u003e for function-based views by \u003ca href=\"https://github.com/qqii\"\u003e\u003ccode\u003e@​qqii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9719\"\u003eencode/django-rest-framework#9719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9780\"\u003eencode/django-rest-framework#9780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eviolation_error_code\u003c/code\u003e and \u003ccode\u003eviolation_error_message\u003c/code\u003e from \u003ccode\u003eUniqueConstraint\u003c/code\u003e in \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e by \u003ca href=\"https://github.com/s-aleshin\"\u003e\u003ccode\u003e@​s-aleshin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9766\"\u003eencode/django-rest-framework#9766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eipaddress\u003c/code\u003e objects in \u003ccode\u003eJSONEncoder\u003c/code\u003e by \u003ca href=\"https://github.com/corenting\"\u003e\u003ccode\u003e@​corenting\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9087\"\u003eencode/django-rest-framework#9087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional support to serialize \u003ccode\u003eBigInteger\u003c/code\u003e to string by \u003ca href=\"https://github.com/HoodyH\"\u003e\u003ccode\u003e@​HoodyH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9775\"\u003eencode/django-rest-framework#9775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Django 6.0 support by \u003ca href=\"https://github.com/MehrazRumman\"\u003e\u003ccode\u003e@​MehrazRumman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9819\"\u003eencode/django-rest-framework#9819\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent small risk of \u003ccode\u003eToken\u003c/code\u003e overwrite by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9754\"\u003eencode/django-rest-framework#9754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e validation when condition references a read-only field by \u003ca href=\"https://github.com/ticosax\"\u003e\u003ccode\u003e@​ticosax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9764\"\u003eencode/django-rest-framework#9764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix validation on many to many field when \u003ccode\u003edefault=None\u003c/code\u003e by \u003ca href=\"https://github.com/Genarito\"\u003e\u003ccode\u003e@​Genarito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9790\"\u003eencode/django-rest-framework#9790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid SPDX license expression in \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/TheFunctionalGuy\"\u003e\u003ccode\u003e@​TheFunctionalGuy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9799\"\u003eencode/django-rest-framework#9799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e to ensure a valid \u003ccode\u003edatetime-local\u003c/code\u003e format by \u003ca href=\"https://github.com/mgaligniana\"\u003e\u003ccode\u003e@​mgaligniana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9365\"\u003eencode/django-rest-framework#9365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mutable default arguments in OrderingFilter methods by \u003ca href=\"https://github.com/killerdevildog\"\u003e\u003ccode\u003e@​killerdevildog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9742\"\u003eencode/django-rest-framework#9742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate TokenAdmin to respect USERNAME_FIELD of the user model by \u003ca href=\"https://github.com/m000\"\u003e\u003ccode\u003e@​m000\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9836\"\u003eencode/django-rest-framework#9836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve ordering in \u003ccode\u003eMultipleChoiceField\u003c/code\u003e by \u003ca href=\"https://github.com/fbozhang\"\u003e\u003ccode\u003e@​fbozhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9735\"\u003eencode/django-rest-framework#9735\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate French translation by \u003ca href=\"https://github.com/SebCorbin\"\u003e\u003ccode\u003e@​SebCorbin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9770\"\u003eencode/django-rest-framework#9770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Brazilian Portuguese translations by \u003ca href=\"https://github.com/JVPinheiroReis\"\u003e\u003ccode\u003e@​JVPinheiroReis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9828\"\u003eencode/django-rest-framework#9828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and improve French translations by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9896\"\u003eencode/django-rest-framework#9896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing Russian translation by \u003ca href=\"https://github.com/minorytanaka\"\u003e\u003ccode\u003e@​minorytanaka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9903\"\u003eencode/django-rest-framework#9903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate packaging to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9056\"\u003eencode/django-rest-framework#9056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove package data rules from \u003ccode\u003eMANIFEST.in\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9825\"\u003eencode/django-rest-framework#9825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet up release workflow with trusted publisher by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9852\"\u003eencode/django-rest-framework#9852\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor token generation to use the \u003ccode\u003esecrets\u003c/code\u003e module by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9760\"\u003eencode/django-rest-framework#9760\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd validation for decorator out-of-order with \u003ccode\u003e@api_view\u003c/code\u003e by \u003ca href=\"https://github.com/kernelshard\"\u003e\u003ccode\u003e@​kernelshard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9821\"\u003eencode/django-rest-framework#9821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to mkdocs material theme for documentation by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9849\"\u003eencode/django-rest-framework#9849\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khaledsukkar2\"\u003e\u003ccode\u003e@​khaledsukkar2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9717\"\u003eencode/django-rest-framework#9717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/22e231cf2f77b4cfe929de875d958b93916b1a8b\"\u003e\u003ccode\u003e22e231c\u003c/code\u003e\u003c/a\u003e Prepare bug fix release 3.17.1 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9931\"\u003e#9931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/8e99b53db7b122417580ec2993ac6776b4d858d5\"\u003e\u003ccode\u003e8e99b53\u003c/code\u003e\u003c/a\u003e Add condition to skip pushed tags from forks (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9924\"\u003e#9924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c0407dee6ef8a5603c2d5d34373d724be7b98188\"\u003e\u003ccode\u003ec0407de\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9928\"\u003e#9928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/30d58a75eeef7097f97cdc9f171d2ec741b36d30\"\u003e\u003ccode\u003e30d58a7\u003c/code\u003e\u003c/a\u003e Fix the book sizing in the documentation (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9926\"\u003e#9926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/6f03b79c057c470524b12e9ac46bc2bb384570e0\"\u003e\u003ccode\u003e6f03b79\u003c/code\u003e\u003c/a\u003e Tweak order of changes in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/021ab5664b085594876032cf062c1220bc1ca03c\"\u003e\u003ccode\u003e021ab56\u003c/code\u003e\u003c/a\u003e Bump version and update release notes for 3.17.0 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9921\"\u003e#9921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/19ebad70ae560e3f83c0e30af6be7c7df3b5aeec\"\u003e\u003ccode\u003e19ebad7\u003c/code\u003e\u003c/a\u003e Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9923\"\u003e#9923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/f222c55d8a498c9770f2795c6cd34fedffaf043c\"\u003e\u003ccode\u003ef222c55\u003c/code\u003e\u003c/a\u003e Correct requires-python key in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/7e7de6fceee3ad2e20b0dd93b119b6b00eadd797\"\u003e\u003ccode\u003e7e7de6f\u003c/code\u003e\u003c/a\u003e Remove code fences from release checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c599d309490fe59ae385954ad544a64b58abffd2\"\u003e\u003ccode\u003ec599d30\u003c/code\u003e\u003c/a\u003e Update release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.16.1...3.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `weasyprint` from 66.0 to 68.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/WeasyPrint/releases\"\u003eweasyprint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev68.1\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2662\"\u003e#2662\u003c/a\u003e: Don’t crash when SVG clip paths are not in defs tags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2665\"\u003e#2665\u003c/a\u003e: Fix position of box bounding box\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2663\"\u003e#2663\u003c/a\u003e: Fix transparency with Acrobat and Edge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2666\"\u003e#2666\u003c/a\u003e: Don’t rely on random default font to define test page size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2670\"\u003e#2670\u003c/a\u003e: Fix pattern detection of URL schemes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/pull/2671\"\u003e#2671\u003c/a\u003e: Improve API compatibility between URLFetcherResponse and addinfourl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2672\"\u003e#2672\u003c/a\u003e: Fix charset for old URL fetcher requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/pull/2675\"\u003e#2675\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2673\"\u003e#2673\u003c/a\u003e: Fix calc for many properties\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGuillaume Ayoub\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBackers and sponsors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpacinov\u003c/li\u003e\n\u003cli\u003eSyslifters\u003c/li\u003e\n\u003cli\u003eKobalt\u003c/li\u003e\n\u003cli\u003eSimon Sapin\u003c/li\u003e\n\u003cli\u003eGrip Angebotssoftware\u003c/li\u003e\n\u003cli\u003eManuel Barkhau\u003c/li\u003e\n\u003cli\u003eSimonsoft\u003c/li\u003e\n\u003cli\u003eKontextWork\u003c/li\u003e\n\u003cli\u003eMenutech\u003c/li\u003e\n\u003cli\u003eTrainingSparkle\u003c/li\u003e\n\u003cli\u003eHealthchecks.io\u003c/li\u003e\n\u003cli\u003eMethod B\u003c/li\u003e\n\u003cli\u003eFieldHub\u003c/li\u003e\n\u003cli\u003eHammerbacher\u003c/li\u003e\n\u003cli\u003eYanal-Yves Fargialla\u003c/li\u003e\n\u003cli\u003eMorntag\u003c/li\u003e\n\u003cli\u003ePiloterr\u003c/li\u003e\n\u003cli\u003eXavid\u003c/li\u003e\n\u003cli\u003eCharlie S.\u003c/li\u003e\n\u003cli\u003eProthesis Dental Solutions\u003c/li\u003e\n\u003cli\u003eKai DeLorenzo\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev68.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a security update (CVE-2025-68616).\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eWe strongly recommend to upgrade WeasyPrint to the latest version if you use the \u003ccode\u003edefault_url_fetcher\u003c/code\u003e function in your custom URL fetcher, or if you use the \u003ccode\u003eallowed_protocols\u003c/code\u003e parameter of the \u003ccode\u003edefault_url_fetcher\u003c/code\u003e function.\u003c/p\u003e\n\u003cp\u003eRead about this release \u003ca href=\"https://www.courtbouillon.org/blog/00061-weasyprint-68/\"\u003eon our blog\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/WeasyPrint/blob/main/docs/changelog.rst\"\u003eweasyprint's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 68.1\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-02-06.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#2662](https://github.com/Kozea/WeasyPrint/issues/2662) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2662\u0026gt;\u003c/code\u003e_:\nDon’t crash when SVG clip paths are not in defs tags\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2665](https://github.com/Kozea/WeasyPrint/issues/2665) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2665\u0026gt;\u003c/code\u003e_:\nFix position of box bounding box\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2663](https://github.com/Kozea/WeasyPrint/issues/2663) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2663\u0026gt;\u003c/code\u003e_:\nFix transparency with Acrobat and Edge\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2666](https://github.com/Kozea/WeasyPrint/issues/2666) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2666\u0026gt;\u003c/code\u003e_:\nDon’t rely on random default font to define test page size\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2670](https://github.com/Kozea/WeasyPrint/issues/2670) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2670\u0026gt;\u003c/code\u003e_:\nFix pattern detection of URL schemes\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2671](https://github.com/Kozea/WeasyPrint/issues/2671) \u0026lt;https://github.com/Kozea/WeasyPrint/pull/2671\u0026gt;\u003c/code\u003e_:\nImprove API compatibility between URLFetcherResponse and addinfourl\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2672](https://github.com/Kozea/WeasyPrint/issues/2672) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2672\u0026gt;\u003c/code\u003e_:\nFix charset for old URL fetcher requests\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#2675](https://github.com/Kozea/WeasyPrint/issues/2675) \u0026lt;https://github.com/Kozea/WeasyPrint/pull/2675\u0026gt;\u003c/code\u003e\u003cem\u003e,\n\u003ccode\u003e[#2673](https://github.com/Kozea/WeasyPrint/issues/2673) \u0026lt;https://github.com/Kozea/WeasyPrint/issues/2673\u0026gt;\u003c/code\u003e\u003c/em\u003e:\nFix calc for many properties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eContributors:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGuillaume Ayoub\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBackers and sponsors:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSpacinov\u003c/li\u003e\n\u003cli\u003eSyslifters\u003c/li\u003e\n\u003cli\u003eKobalt\u003c/li\u003e\n\u003cli\u003eSimon Sapin\u003c/li\u003e\n\u003cli\u003eGrip Angebotssoftware\u003c/li\u003e\n\u003cli\u003eManuel Barkhau\u003c/li\u003e\n\u003cli\u003eSimonsoft\u003c/li\u003e\n\u003cli\u003eKontextWork\u003c/li\u003e\n\u003cli\u003eMenutech\u003c/li\u003e\n\u003cli\u003eTrainingSparkle\u003c/li\u003e\n\u003cli\u003eHealthchecks.io\u003c/li\u003e\n\u003cli\u003eMethod B\u003c/li\u003e\n\u003cli\u003eFieldHub\u003c/li\u003e\n\u003cli\u003eHammerbacher\u003c/li\u003e\n\u003cli\u003eYanal-Yves Fargialla\u003c/li\u003e\n\u003cli\u003eMorntag\u003c/li\u003e\n\u003cli\u003ePiloterr\u003c/li\u003e\n\u003cli\u003eXavid\u003c/li\u003e\n\u003cli\u003eCharlie S.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/88d466df43b205c6abbc385e2832cbe6c77aeddc\"\u003e\u003ccode\u003e88d466d\u003c/code\u003e\u003c/a\u003e Version 68.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/d5dab6e9f173826208082f24546977927d9c3c0c\"\u003e\u003ccode\u003ed5dab6e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Kozea/WeasyPrint/issues/2675\"\u003e#2675\u003c/a\u003e from Kozea/fix-calc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/e752cb3fde54d13cdc5eb4a7fdb80fd172a3c28b\"\u003e\u003ccode\u003ee752cb3\u003c/code\u003e\u003c/a\u003e Allow calc for more properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/66928cec7a2b000c706b5699518adbcedeff6e71\"\u003e\u003ccode\u003e66928ce\u003c/code\u003e\u003c/a\u003e Allow calc for preferred content width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/c155e217b8ff1624f536113ab54622effece3ad8\"\u003e\u003ccode\u003ec155e21\u003c/code\u003e\u003c/a\u003e Allow calc for text-underline-offset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/9f5ca24e816a250b3c35cc5dda4b871cbc8d829a\"\u003e\u003ccode\u003e9f5ca24\u003c/code\u003e\u003c/a\u003e Allow calc for text-decoration-thickness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/b2acd6d5eb7fc00920a883169b62ad13394e1f38\"\u003e\u003ccode\u003eb2acd6d\u003c/code\u003e\u003c/a\u003e Allow calc for hyphenate-limit-zone\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/321bcf696acb710115a467d04fc0b5f640faf627\"\u003e\u003ccode\u003e321bcf6\u003c/code\u003e\u003c/a\u003e Simplify, test and fix wrong calc() values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/38d3f53154a2c3c3d7b29dd11e01ed21f61fc2ab\"\u003e\u003ccode\u003e38d3f53\u003c/code\u003e\u003c/a\u003e Fix and test calc() function for table width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kozea/WeasyPrint/commit/4dfd05f13dfeadf36d44e8f72ee3f2df0b4c6945\"\u003e\u003ccode\u003e4dfd05f\u003c/code\u003e\u003c/a\u003e Don’t iterate over all lines when trying to report footnotes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kozea/WeasyPrint/compare/v66.0...v68.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pylint` from 3.3.9 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/88e1ab7545a4af4aea15c305a154c164a95ab842\"\u003e\u003ccode\u003e88e1ab7\u003c/code\u003e\u003c/a\u003e Bump pylint to 4.0.5, update changelog (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10860\"\u003e#10860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/d96d489a1743d32b6bfa53fc0f69a4333209a146\"\u003e\u003ccode\u003ed96d489\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Relax isort version constraint to allow isort 8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/0b08ccb014c265700f244a885bdcbdfa3a03de46\"\u003e\u003ccode\u003e0b08ccb\u003c/code\u003e\u003c/a\u003e Fix dynamic color mapping for \u0026quot;fail-on\u0026quot; messages when using multiple reporter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/154dba43276e8232a2e1cb8f90bfcc63886f3460\"\u003e\u003ccode\u003e154dba4\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix FP for \u003ccode\u003einvalid-name\u003c/code\u003e with \u003ccode\u003etyping.Final\u003c/code\u003e on...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/7b73bfdedf275935b9c5b43a6aeda5cc648b4847\"\u003e\u003ccode\u003e7b73bfd\u003c/code\u003e\u003c/a\u003e Disable unspecified-encoding for py-version above Python 3.15 (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10800\"\u003e#10800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/4cc98be8b7786dbc6692493fe9cedb8585af5518\"\u003e\u003ccode\u003e4cc98be\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix setting options for import order checker (\u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/f0d30a27b510d69f846e3aaa0054cf0a1412923c\"\u003e\u003ccode\u003ef0d30a2\u003c/code\u003e\u003c/a\u003e Sync astroid version with requirements file again\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/38bdf024648724e6aea017e62d3b57cb44097ec3\"\u003e\u003ccode\u003e38bdf02\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix \u003ccode\u003elogging-unsupported-format\u003c/code\u003e when logging ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/f08c33ae3e691eed868e49c0d15270dc6e6a0d6c\"\u003e\u003ccode\u003ef08c33a\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Properly detect \u003ccode\u003eself.fail()\u003c/code\u003e as a terminating...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/pylint/commit/e16f942166511d6fb4427e503a734152fae0c4fe\"\u003e\u003ccode\u003ee16f942\u003c/code\u003e\u003c/a\u003e Bump pylint to 4.0.4, update changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pylint-dev/pylint/compare/v3.3.9...v4.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.4.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.4.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-django` from 4.11.1 to 4.12.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst\"\u003epytest-django's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.0 (2026-02-14)\u003c/h2\u003e\n\u003cp\u003eCompatibility\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOfficial Python 3.14 support.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.9, minimum version is now Python 3.10.\u003c/li\u003e\n\u003cli\u003eOfficial Django 6.0 support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eImprovements\n^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe :ref:\u003ccode\u003emultiple databases \u0026lt;multi-db\u0026gt;\u003c/code\u003e support added in v4.3.0 is no longer considered experimental.\u003c/li\u003e\n\u003cli\u003eAdded :func:\u003ccode\u003e@pytest.mark.django_isolate_apps \u0026lt;pytest.mark.django_isolate_apps\u0026gt;\u003c/code\u003e\nfor isolating Django's app registry in pytest tests, and a\n:fixture:\u003ccode\u003edjango_isolated_apps\u003c/code\u003e fixture to access the isolated Apps registry instance if needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/a2a94956cc24bb30030510710f0f27e61efb0cf0\"\u003e\u003ccode\u003ea2a9495\u003c/code\u003e\u003c/a\u003e Release 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/020bc237ac7be78ab3a2780d07637f77166a6263\"\u003e\u003ccode\u003e020bc23\u003c/code\u003e\u003c/a\u003e tests: make sure access to default can also be blocked\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/bcefbe832468f764b0f2665548aae8a9f75820a7\"\u003e\u003ccode\u003ebcefbe8\u003c/code\u003e\u003c/a\u003e Add support for isolating apps in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/39c8dcc249d5c103d29d170a5ad63a2fe7067049\"\u003e\u003ccode\u003e39c8dcc\u003c/code\u003e\u003c/a\u003e plugin: add a note why we reorder tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/1830acd6193ad6d851131c9ed805c003c10ce27a\"\u003e\u003ccode\u003e1830acd\u003c/code\u003e\u003c/a\u003e pyproject.toml: require pytest 9 for self tests, switch to native toml config...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/f19da084b9b8b131c5ae178f1a8a907ec6e3567b\"\u003e\u003ccode\u003ef19da08\u003c/code\u003e\u003c/a\u003e Fix the order of the test cases that use the live_server fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/92858eed573ce1786d0f67d242426c7f8f75dd7b\"\u003e\u003ccode\u003e92858ee\u003c/code\u003e\u003c/a\u003e docs: add pytest 9.0+ native TOML configuration format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/3f550d93947acda430c27be578b7619c25abddc8\"\u003e\u003ccode\u003e3f550d9\u003c/code\u003e\u003c/a\u003e build(deps): bump hynek/build-and-inspect-python-package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/1f50dd29b8778e645ca7a88a285b30a9c788afc4\"\u003e\u003ccode\u003e1f50dd2\u003c/code\u003e\u003c/a\u003e Drop obsolete traces of Django 5.0 in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-django/commit/247ec1c365da3d25f230dde22b7a0e1805749d09\"\u003e\u003ccode\u003e247ec1c\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ePytestCollectionWarning\u003c/code\u003e for \u003ccode\u003eTestRunner\u003c/code\u003e class (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-django/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-django/compare/v4.11.1...v4.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-env` from 1.1.5 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-env/releases\"\u003epytest-env's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.6.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(env): preserve existing env values by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/213\"\u003epytest-dev/pytest-env#213\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.5.1...1.6.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.5.1...1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to workflows by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/203\"\u003epytest-dev/pytest-env#203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SECURITY.md to .github/ by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/206\"\u003epytest-dev/pytest-env#206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing .github config files by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/207\"\u003epytest-dev/pytest-env#207\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eStandardize .github files to .yaml suffix by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/208\"\u003epytest-dev/pytest-env#208\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix verbose source attribution when falling back to INI env by \u003ca href=\"https://github.com/shuofengzhang\"\u003e\u003ccode\u003e@​shuofengzhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/211\"\u003epytest-dev/pytest-env#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shuofengzhang\"\u003e\u003ccode\u003e@​shuofengzhang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/211\"\u003epytest-dev/pytest-env#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.5.0...1.5.1\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.5.0...1.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(plugin): add --pytest-env-verbose for debugging env assignments by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/199\"\u003epytest-dev/pytest-env#199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.4.0...1.5.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.4.0...1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(cli): add --envfile option for runtime environment switching by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/197\"\u003epytest-dev/pytest-env#197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.3.2...1.4.0\"\u003ehttps://github.com/pytest-dev/pytest-env/compare/1.3.2...1.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.3.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 build(type): migrate from mypy to ty by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/pull/192\"\u003epytest-dev/pytest-env#192\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/8bd22d1b9d9d7594c408040610868743ca3d5a9b\"\u003e\u003ccode\u003e8bd22d1\u003c/code\u003e\u003c/a\u003e ✨ feat(env): preserve existing env values (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/81f9e0e19d17169f03d9c078818421f34c45a67d\"\u003e\u003ccode\u003e81f9e0e\u003c/code\u003e\u003c/a\u003e Fix verbose source attribution when falling back to INI env (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/211\"\u003e#211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/81dc95d54f09ebb9b6e5f704b86a4bb60552b08b\"\u003e\u003ccode\u003e81dc95d\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/439cc76fecbfbb95b6d3123a32bbc8030a9f95c0\"\u003e\u003ccode\u003e439cc76\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/b1b498e28cb76863a6e88c713a9bb09cdfbb0857\"\u003e\u003ccode\u003eb1b498e\u003c/code\u003e\u003c/a\u003e Standardize .github files to .yaml suffix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/066dadc7b4f8a40818e2c19c6bbd7281671eb081\"\u003e\u003ccode\u003e066dadc\u003c/code\u003e\u003c/a\u003e Add missing .github config files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/7d01327e395f0080dd6256c0cf30f2a8693c3c32\"\u003e\u003ccode\u003e7d01327\u003c/code\u003e\u003c/a\u003e Add SECURITY.md to .github/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/04259c91dfbd4b77a053bcad5fd63d5d7d78ae5d\"\u003e\u003ccode\u003e04259c9\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/download-artifact from 7 to 8 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/205\"\u003e#205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/4fdb9d8d6defe6fc40069455ec672fa3f1bef51f\"\u003e\u003ccode\u003e4fdb9d8\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/204\"\u003e#204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-env/commit/672e44f059e03870caf87054aa7426411a8a9658\"\u003e\u003ccode\u003e672e44f\u003c/code\u003e\u003c/a\u003e Add permissions to workflows (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest-env/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-env/compare/1.1.5...1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pontos` from 26.2.0 to 26.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/greenbone/pontos/releases\"\u003epontos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epontos 26.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.3..26.5.0\"\u003e26.5.0\u003c/a\u003e - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:construction_worker: Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRename \u0026quot;Status Change\u0026quot; to \u0026quot;CVE Status Change\u0026quot; by \u003ca href=\"https://github.com/n-thumann\"\u003e\u003ccode\u003e@​n-thumann\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1220\"\u003e#1220\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:ship: Dependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump urllib3 from 2.6.3 to 2.7.0 by \u003ca href=\"https://github.com/dependabot%5Bbot%5D\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1217\"\u003e#1217\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.2..26.4.3\"\u003e26.4.3\u003c/a\u003e - 2026-04-29\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:sparkles: Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE Change event name \u0026quot;Data Remediation\u0026quot; by \u003ca href=\"https://github.com/n-thumann\"\u003e\u003ccode\u003e@​n-thumann\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1214\"\u003e#1214\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/greenbone/pontos/compare/v26.4.1..26.4.2\"\u003e26.4.2\u003c/a\u003e - 2026-04-27\u003c/h2\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:sparkles: Added\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTwo test cases for XML files by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1211\"\u003e#1211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:construction_worker: Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove XML declarations from templates by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/9e2d78c64bcd5ffc4fb793d3770bdb409cf56b1e\"\u003e9e2d78c\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:bug: Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent duplication and adding of XML declarations by \u003ca href=\"https://github.com/wiegandm\"\u003e\u003ccode\u003e@​wiegandm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/ee996b5771ddb3e0183b00ad34ffda45988d6dbc\"\u003eee996b5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:wrench: Miscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse git-cliff for release changelog generation by \u003ca href=\"https://github.com/bjoernricks\"\u003e\u003ccode\u003e@​bjoernricks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/greenbone/pontos/commit/af9e7f10db1b8cab9912e0c0827380feab952194\"\u003eaf9e7f1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the conventional commits workflow by \u003ca href=\"https://github.com/bjoernricks\"\u003e\u003ccode\u003e@​bjoernricks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1210\"\u003e#1210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003c!-- raw HTML omitted --\u003e:ship: Dependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 8 updates by \u003ca href=\"https://github.com/dependabot%5Bbot%5D\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/greenbone/pontos/pull/1209\"\u003e#1209\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epontos 26.4.1\u003c/h2\u003e\n\u003ch2\u003e[26.4.1] - 2026-04-21\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a380de64b4e171a476b1cf3172319ee180ed818f\"\u003e\u003ccode\u003ea380de6\u003c/code\u003e\u003c/a\u003e Automatic release to 26.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/12b9dd283e3d261098719ac8ce94625f73e98684\"\u003e\u003ccode\u003e12b9dd2\u003c/code\u003e\u003c/a\u003e Change: Rename \u0026quot;Status Change\u0026quot; to \u0026quot;CVE Status Change\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/fd0a178d18da0d3ead9de7c1d9933364d6cfafac\"\u003e\u003ccode\u003efd0a178\u003c/code\u003e\u003c/a\u003e Deps: Bump urllib3 from 2.6.3 to 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/00adf5473d50e7aa0e0839984a8ba44447e28c0d\"\u003e\u003ccode\u003e00adf54\u003c/code\u003e\u003c/a\u003e Update: Greenbone license header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a793376e247ac9a8e0994d1ba56cd2e44bbaf575\"\u003e\u003ccode\u003ea793376\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/7e3dffb21ddab71884678eac10215767319d29f4\"\u003e\u003ccode\u003e7e3dffb\u003c/code\u003e\u003c/a\u003e Automatic release to 26.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/f2f04018b6e2eabb1b64123445dadbcfdb85d112\"\u003e\u003ccode\u003ef2f0401\u003c/code\u003e\u003c/a\u003e Add: CVE Change event name \u0026quot;Data Remediation\u0026quot; (\u003ca href=\"https://redirect.github.com/greenbone/pontos/issues/1214\"\u003e#1214\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/a81ba0338193a9e889da80825487a86be7179ee2\"\u003e\u003ccode\u003ea81ba03\u003c/code\u003e\u003c/a\u003e Automatic adjustments after release [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/46c3185d68b38c4889db97a0e89fd2622728c341\"\u003e\u003ccode\u003e46c3185\u003c/code\u003e\u003c/a\u003e Automatic release to 26.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/greenbone/pontos/commit/31d04650f4750791cbfdfbc3afa267693e709051\"\u003e\u003ccode\u003e31d0465\u003c/code\u003e\u003c/a\u003e Use snake_case for release-version output variables\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/greenbone/pontos/compare/v26.2.0...v26.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `astroid` from 3.3.11 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pylint-dev/astroid/releases\"\u003eastroid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.4?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-02-07\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eis_namespace()\u003c/code\u003e crash when search locations contain \u003ccode\u003epathlib.Path\u003c/code\u003e objects.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2942\"\u003e#2942\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.3?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-01-03\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inference of \u003ccode\u003eIfExp\u003c/code\u003e (ternary expression) nodes to avoid prematurely narrowing\nresults in the face of inference ambiguity.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2899\"\u003e#2899\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix base class inference for dataclasses using the PEP 695 typing syntax.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10788\"\u003epylint-dev/pylint#10788\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.2?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-11-09\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle FunctionDef blockstart_tolineno edge cases correctly.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2880\"\u003e#2880\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eHTTPMethod\u003c/code\u003e enum support to brain module for Python 3.11+.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10624\"\u003epylint-dev/pylint#10624\u003c/a\u003e\nCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2877\"\u003e#2877\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.1?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSuppress \u003ccode\u003eSyntaxWarning\u003c/code\u003e for invalid escape sequences and return in finally on\nPython 3.14 when parsing modules.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAssign \u003ccode\u003eImport\u003c/code\u003e and \u003ccode\u003eImportFrom\u003c/code\u003e nodes to module locals if used with \u003ccode\u003eglobal\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10632\"\u003epylint-dev/pylint#10632\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pylint-dev/astroid/blob/main/ChangeLog\"\u003eastroid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.4?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-02-07\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eis_namespace()\u003c/code\u003e crash when search locations contain \u003ccode\u003epathlib.Path\u003c/code\u003e objects.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2942\"\u003e#2942\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.3?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2026-01-03\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix inference of \u003ccode\u003eIfExp\u003c/code\u003e (ternary expression) nodes to avoid prematurely narrowing\nresults in the face of inference ambiguity.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2899\"\u003e#2899\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix base class inference for dataclasses using the PEP 695 typing syntax.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10788\"\u003epylint-dev/pylint#10788\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.2?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-11-09\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle FunctionDef blockstart_tolineno edge cases correctly.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2880\"\u003e#2880\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eHTTPMethod\u003c/code\u003e enum support to brain module for Python 3.11+.\u003c/p\u003e\n\u003cp\u003eRefs \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10624\"\u003epylint-dev/pylint#10624\u003c/a\u003e\nCloses \u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2877\"\u003e#2877\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.1?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-11\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSuppress \u003ccode\u003eSyntaxWarning\u003c/code\u003e for invalid escape sequences and return in finally on\nPython 3.14 when parsing modules.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAssign \u003ccode\u003eImport\u003c/code\u003e and \u003ccode\u003eImportFrom\u003c/code\u003e nodes to module locals if used with \u003ccode\u003eglobal\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eCloses \u003ca href=\"https://redirect.github.com/pylint-dev/pylint/issues/10632\"\u003epylint-dev/pylint#10632\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eWhat's New in astroid 4.0.0?\u003c/h1\u003e\n\u003cp\u003eRelease date: 2025-10-05\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/019feb6018eef32a0e3a25d8153427a537961882\"\u003e\u003ccode\u003e019feb6\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.4, update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/b25ee05e15b70693a4d740ac563568e0b618ec0d\"\u003e\u003ccode\u003eb25ee05\u003c/code\u003e\u003c/a\u003e Fix namespace detection crash (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2949\"\u003e#2949\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/b978037e67f233f4366de4ccbcdad2c627474477\"\u003e\u003ccode\u003eb978037\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.3, update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/5476bc3dad1fe83bd4725ae284229a51326bd97c\"\u003e\u003ccode\u003e5476bc3\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Wrong inference with default argument values (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2\"\u003e#2\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/ae761dca40d1aa1b7e7b941e535a819acd83f9a5\"\u003e\u003ccode\u003eae761dc\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Fix base class inference for dataclasses with PE...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/077c51fa1eb737a13d6888873dc432cf8cbbe9e0\"\u003e\u003ccode\u003e077c51f\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] [typing] Add sys check guard for typing.Self for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/f3255d1611277ecc3d6f338d551ce8437f66ae72\"\u003e\u003ccode\u003ef3255d1\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Skip mypy install for pypy (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/d2823f2cb764b3d63c91998f6cd392629147c095\"\u003e\u003ccode\u003ed2823f2\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] [ci] Fix windows cache key (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/05c79e1e57da03875a8fd8a30715688f179585da\"\u003e\u003ccode\u003e05c79e1\u003c/code\u003e\u003c/a\u003e [Backport maintenance/4.0.x] Improve self argument typing (\u003ca href=\"https://redirect.github.com/pylint-dev/astroid/issues/2904\"\u003e#2904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pylint-dev/astroid/commit/a068430290b375a06f6eccdcea7d5026995172ba\"\u003e\u003ccode\u003ea068430\u003c/code\u003e\u003c/a\u003e Bump astroid to 4.0.2, update changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pylint-dev/astroid/compare/v3.3.11...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.10.7 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003ch2\u003eVersion 7.13.5 — 2026-03-17\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eissue 2138\u003c/code\u003e_ describes a memory leak that happened when repeatedly\nusing the Coverage API with in-memory data. This is now fixed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the markdown-formatted coverage report didn't fully escape special\ncharacters in file paths (\u003ccode\u003eissue 2141\u003c/code\u003e\u003cem\u003e). This would be very unlikely to\ncause a problem, but now it's done properly, thanks to \u003ccode\u003eEllie Ayla \u0026lt;pull 2142_\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the C extension wouldn't build on VS2019, but now it does (\u003ccode\u003eissue 2145\u003c/code\u003e_).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.10.7...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cssselect2` from 0.8.0 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/cssselect2/releases\"\u003ecssselect2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.9, support 3.14\u003c/li\u003e\n\u003cli\u003eSupport :host\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kozea/cssselect2/blob/main/docs/changelog.rst\"\u003ecssselect2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cp\u003eVersion 0.9.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2026-02-12.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.9, support 3.14\u003c/li\u003e\n\u003cli\u003eSupport :host\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.8.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2025-03-05.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support of Python 3.8 and 3.9, support 3.12 and 3.13\u003c/li\u003e\n\u003cli\u003eHandle case-sensitive and case-insensitive attribute selectors\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.7.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2022-09-19.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport :has selector\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eVersion 0.6.0\n.............\u003c/p\u003e\n\u003cp\u003eReleased on 2022-04-15.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis version deprecates the \u003ccode\u003eiter_ancestors\u003c/code\u003e and \u003ccode\u003eiter_previous_siblings\u003c/code\u003e\nmethods, that will be removed in 0.7.0. Use the \u003ccode\u003ean...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/pheme/pull/1059","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fpheme/issues/1059","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1059/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T01:50:31.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4513722182","node_id":"PR_kwDOKXYUl87e4MDZ","number":88,"state":"open","title":"Bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["AHReccese"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T01:50:31.000Z","updated_at":"2026-05-25T01:52:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"\u003e [!WARNING]\n\u003e Dependabot will stop supporting `python v3.9`!\n\u003e \n\u003e Please upgrade to one of the following versions: `v3.9`, `v3.10`, `v3.11`, `v3.12`, `v3.13`, or `v3.14`.\n\u003e\n\nBumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/openscilab/dmeta/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/openscilab%2Fdmeta/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"}},{"old_version":"5.0.0","new_version":"5.4.0","update_type":"minor","path":null,"pr_created_at":"2026-05-24T23:08:27.000Z","version_change":"5.0.0 → 5.4.0","issue":{"uuid":"4513242110","node_id":"PR_kwDOSKM6Lc7e2uX0","number":20,"state":"open","title":"chore(deps): bump lxml from 5.0.0 to 5.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T23:08:27.000Z","updated_at":"2026-05-24T23:08:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"lxml","old_version":"5.0.0","new_version":"5.4.0","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 5.0.0 to 5.4.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.3.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.3.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.2.2\u003c/h2\u003e\n\u003ch1\u003e5.2.2 (2024-05-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#417: The \u003ccode\u003etest_feed_parser\u003c/code\u003e test could fail if \u003ccode\u003elxml_html_clean\u003c/code\u003e was not installed.\nIt is now skipped in that case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2059910: The minimum CPU architecture for the Linux x86 binary wheels was set back to\n\u0026quot;core2\u0026quot;, without SSE 4.2.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIf libxml2 uses iconv, the compile time version is available as \u003ccode\u003eetree.ICONV_COMPILED_VERSION\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.2.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.2.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.0-2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.2 (2025-04-05)\u003c/h1\u003e\n\u003cp\u003eThis release resolves CVE-2025-24928 as described in\n\u003ca href=\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\"\u003ehttps://gitlab.gnome.org/GNOME/libxml2/-/issues/847\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBinary wheels use libxml2 2.12.10 and libxslt 1.1.42.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBinary wheels for Windows use a patched libxml2 2.11.9 and libxslt 1.1.39.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.1 (2025-02-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#440: Some tests were adapted for libxml2 2.14.0.\nPatch by Nick Wellnhofer.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2097175: \u003ccode\u003eDTD(external_id=\u0026quot;…\u0026quot;)\u003c/code\u003e erroneously required a byte string as ID value.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGH#450: \u003ccode\u003eiterparse()\u003c/code\u003e internally triggered the `DeprecationWarning`` added in lxml 5.3.0 when parsing HTML.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGH#442: Binary wheels for macOS no longer use the linker flag \u003ccode\u003e-flat_namespace\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e5.3.0 (2024-08-10)\u003c/h1\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6e76d57af83d59d7a0456fd5889e392a7b366b43\"\u003e\u003ccode\u003e6e76d57\u003c/code\u003e\u003c/a\u003e Build: Exclude slow Py3.9 wheel builds for s390/ppc and Py3.7 for ARM64.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/ee10c02bb771be22e6e3c36a90f3b66e5ce87752\"\u003e\u003ccode\u003eee10c02\u003c/code\u003e\u003c/a\u003e Prepare release of lxml 5.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/0e4f3c33723bb2b4d9565046a24a896c36fb5602\"\u003e\u003ccode\u003e0e4f3c3\u003c/code\u003e\u003c/a\u003e Prepare release of lxml 5.3.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4703fc2e74296a1bcb44ba050d856ceab21d87f\"\u003e\u003ccode\u003eb4703fc\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/db723bb3b9140f9f313f4b638790a69e82eae2a3\"\u003e\u003ccode\u003edb723bb\u003c/code\u003e\u003c/a\u003e Build: Use libxslt 1.1.43 instead of 1.1.42 to resolve some CVEs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a664877bde77d4d649fb8475e8bfb2bc2693ac26\"\u003e\u003ccode\u003ea664877\u003c/code\u003e\u003c/a\u003e Build: Use libxml2 2.13.8 instead of 2.12.x to resolve some CVEs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/df4633e7a919f0a4d42df310f17477b5ab51e403\"\u003e\u003ccode\u003edf4633e\u003c/code\u003e\u003c/a\u003e Remove appveyor usage.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/820db896be83f72f1cb653981362c682c8fc0d1f\"\u003e\u003ccode\u003e820db89\u003c/code\u003e\u003c/a\u003e CI: Allow Py3.14 jobs to fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/93ad02aad6caa1a7a4b2f595c2973644709cb5f9\"\u003e\u003ccode\u003e93ad02a\u003c/code\u003e\u003c/a\u003e docs: Add a note about C compiler installation to error message (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/454\"\u003eGH-454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/16878dac7075903c7b6e412f5f770ce43e942509\"\u003e\u003ccode\u003e16878da\u003c/code\u003e\u003c/a\u003e Add some hints to the documentation on how to build lxml (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/453\"\u003eGH-453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.0.0...lxml-5.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=5.0.0\u0026new-version=5.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/other9/market-monitor/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/other9%2Fmarket-monitor/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"6.0.2","new_version":"6.1.0","update_type":"minor","path":null,"pr_created_at":"2026-05-24T09:50:20.000Z","version_change":"6.0.2 → 6.1.0","issue":{"uuid":"4511147888","node_id":"PR_kwDOJ4I5W87ewc_R","number":110,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T09:50:20.000Z","updated_at":"2026-05-24T09:50:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 4 updates in the /apps/api directory: [idna](https://github.com/kjd/idna), [lxml](https://github.com/lxml/lxml), [python-dotenv](https://github.com/theskumar/python-dotenv) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/totallynotdavid/megaloader/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/totallynotdavid/megaloader/pull/110","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/totallynotdavid%2Fmegaloader/issues/110","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/110/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-23T10:33:48.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4507787697","node_id":"PR_kwDOSFqbNs7emdDz","number":42,"state":"closed","title":"chore(deps): Bump the minor-and-patch group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-30T10:33:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T10:33:48.000Z","updated_at":"2026-05-30T10:33:12.000Z","time_to_close":604762,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"minor-and-patch","update_count":6,"packages":[{"name":"uvicorn","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"ctranslate2","old_version":"4.7.1","new_version":"4.7.2","repository_url":"https://github.com/OpenNMT/CTranslate2"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 6 updates in the /apps/python-extractor directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [ctranslate2](https://github.com/OpenNMT/CTranslate2) | `4.7.1` | `4.7.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n\n\nUpdates `uvicorn` from 0.46.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ctranslate2` from 4.7.1 to 4.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases\"\u003ectranslate2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases/tag/v4.7.2\"\u003ev4.7.2\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes and improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e) by \u003ca href=\"https://github.com/racedale\"\u003e\u003ccode\u003e@​racedale\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFree curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e) by \u003ca href=\"https://github.com/no1d\"\u003e\u003ccode\u003e@​no1d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/OpenNMT/CTranslate2/blob/master/CHANGELOG.md\"\u003ectranslate2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/releases/tag/v4.7.2\"\u003ev4.7.2\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eNew features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes and improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e) by \u003ca href=\"https://github.com/jordimas\"\u003e\u003ccode\u003e@​jordimas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e) by \u003ca href=\"https://github.com/racedale\"\u003e\u003ccode\u003e@​racedale\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFree curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e) by \u003ca href=\"https://github.com/no1d\"\u003e\u003ccode\u003e@​no1d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/9ff9c719e62b98fb8a993c1629833b0ddab447db\"\u003e\u003ccode\u003e9ff9c71\u003c/code\u003e\u003c/a\u003e Fix PyPI publish: download wheels to dist/ to avoid directory hash error (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2050\"\u003e#2050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/9463f04e3c57df5de7fb42ad4f8fe0ad796745a5\"\u003e\u003ccode\u003e9463f04\u003c/code\u003e\u003c/a\u003e Fix flaky transformers_wav2vec2 test (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1996\"\u003e#1996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/95fdccbadf3b1eec494c6602727a620c699d7719\"\u003e\u003ccode\u003e95fdccb\u003c/code\u003e\u003c/a\u003e Bump version to 4.72\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/09e5feacc275bb2872fe5358a0a014fca701a361\"\u003e\u003ccode\u003e09e5fea\u003c/code\u003e\u003c/a\u003e Gemma4 support for dense model (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2048\"\u003e#2048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/c85c983886ee376f45973f13ed588e998de87819\"\u003e\u003ccode\u003ec85c983\u003c/code\u003e\u003c/a\u003e Free curand states before the thread is destroyed (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/1912\"\u003e#1912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/d077c47f301dbea4b6959ba8aa58a93e5aae993a\"\u003e\u003ccode\u003ed077c47\u003c/code\u003e\u003c/a\u003e Update source ROCM version from 7.2 to 7.2.1 (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2030\"\u003e#2030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OpenNMT/CTranslate2/commit/ac19abd41cadf83cd5661adc91e45b6efa038cf7\"\u003e\u003ccode\u003eac19abd\u003c/code\u003e\u003c/a\u003e Gemma 3 model conversion fixes (\u003ca href=\"https://redirect.github.com/OpenNMT/CTranslate2/issues/2037\"\u003e#2037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/OpenNMT/CTranslate2/compare/v4.7.1...v4.7.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/dKaulig/shared-cookbook/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dKaulig%2Fshared-cookbook/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-23T01:13:32.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4506363109","node_id":"PR_kwDONu9M787eiEw_","number":58,"state":"open","title":"Bump lxml from 6.1.0 to 6.1.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T01:13:32.000Z","updated_at":"2026-05-23T01:14:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"}],"path":null,"ecosystem":"pip"},"body":"Bumps [lxml](https://github.com/lxml/lxml) from 6.1.0 to 6.1.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lxml\u0026package-manager=pip\u0026previous-version=6.1.0\u0026new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ma4nn/pp-terminal/pull/58","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ma4nn%2Fpp-terminal/issues/58","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/58/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-22T20:50:04.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4505522415","node_id":"PR_kwDORlvf987efbCS","number":663,"state":"closed","title":"deps(uv): bump the uv-minor-patch group with 20 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T23:11:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T20:50:04.000Z","updated_at":"2026-05-29T23:11:58.000Z","time_to_close":613312,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(uv): bump","group_name":"uv-minor-patch","update_count":20,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"greenlet","old_version":"3.5.0","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"numpy","old_version":"2.4.5","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"oracledb","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/oracle/python-oracledb"},{"name":"pymysql","old_version":"1.1.3","new_version":"1.2.0","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"pypdf","old_version":"6.11.0","new_version":"6.12.1","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"sentence-transformers","old_version":"5.5.0","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"hypothesis","old_version":"6.152.7","new_version":"6.152.9","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ast-serialize","old_version":"0.3.0","new_version":"0.5.0","repository_url":"https://github.com/mypyc/ast_serialize"},{"name":"cbor2","old_version":"6.0.1","new_version":"6.1.1","repository_url":"https://github.com/agronholm/cbor2"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"python-discovery","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"stevedore","old_version":"5.7.0","new_version":"5.8.0"},{"name":"virtualenv","old_version":"21.3.1","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv-minor-patch group with 20 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.0` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.5` | `2.4.6` |\n| [oracledb](https://github.com/oracle/python-oracledb) | `4.0.0` | `4.0.1` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.3` | `1.2.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.11.0` | `6.12.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.29` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.5.0` | `5.5.1` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.152.7` | `6.152.9` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.14` |\n| [ast-serialize](https://github.com/mypyc/ast_serialize) | `0.3.0` | `0.5.0` |\n| [cbor2](https://github.com/agronholm/cbor2) | `6.0.1` | `6.1.1` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.3.0` | `1.3.1` |\n| [stevedore](https://docs.openstack.org/stevedore) | `5.7.0` | `5.8.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.3.1` | `21.3.3` |\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.5.0 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.5.0...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.16\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4e6cbe225a3e0b6e7eed2082086a12cba526e787\"\u003e\u003ccode\u003e4e6cbe2\u003c/code\u003e\u003c/a\u003e Demote installation instruction to usage section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/223533c34c9e23470e714ed9b1f1c41867177732\"\u003e\u003ccode\u003e223533c\u003c/code\u003e\u003c/a\u003e Merge branch 'readme-simplification' into release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b1640b228a50b3c94ffcf8a664eb6cb186550f3e\"\u003e\u003ccode\u003eb1640b2\u003c/code\u003e\u003c/a\u003e Bump version to 3.16rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/3a861132be61091454aae10c292d98bcfd3cd797\"\u003e\u003ccode\u003e3a86113\u003c/code\u003e\u003c/a\u003e Update history for 3.16 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d4bc9e742b753cff2ec6c53bd4be730863ca9c53\"\u003e\u003ccode\u003ed4bc9e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/246\"\u003e#246\u003c/a\u003e from kjd/python-3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a21d9fca6b04c47ddbd0303d62bbc0712b55f43d\"\u003e\u003ccode\u003ea21d9fc\u003c/code\u003e\u003c/a\u003e Update deprecation policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b46492694aa21dc1c3608f59dd5b9620c08b2d0f\"\u003e\u003ccode\u003eb464926\u003c/code\u003e\u003c/a\u003e Raise minimum Python to 3.9 and modernize typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7f3b15e8839f0e404a00054c4072e69347e727f2\"\u003e\u003ccode\u003e7f3b15e\u003c/code\u003e\u003c/a\u003e Explicit example not needed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7530c7020ae2bcf0acff1fafd71fb047a3b117ed\"\u003e\u003ccode\u003e7530c70\u003c/code\u003e\u003c/a\u003e Remove unnecessary print()\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.5 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.5...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `oracledb` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oracle/python-oracledb/releases\"\u003eoracledb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003cp\u003epython-oracledb 4.0.1 is now released. This release addresses a number of issues. See the \u003ca href=\"https://python-oracledb.readthedocs.io/en/latest/release_notes.html#oracledb-4-0-1-may-2026\"\u003efull release notes\u003c/a\u003e for all of the details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/3daef052904e41668bb862e6fa40f43c22a81beb\"\u003e\u003ccode\u003e3daef05\u003c/code\u003e\u003c/a\u003e Preparing to release python-oracledb 4.0.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/87859452fc15b9f419cbae35665db4a2b2f6023d\"\u003e\u003ccode\u003e8785945\u003c/code\u003e\u003c/a\u003e Tweak docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/899257e24188de69ba3a54183d9b3d3f8bc2f977\"\u003e\u003ccode\u003e899257e\u003c/code\u003e\u003c/a\u003e Remove checks for Oracle Client libraries earlier than 19 since those versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/de7cbb80e223faa2b1484943ec11d8e9c4a9a19e\"\u003e\u003ccode\u003ede7cbb8\u003c/code\u003e\u003c/a\u003e Mark fixtures as session-based fixtures when they can be to avoid unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/a5a5700dff18a8757e3e4d95bd5826e5921051ea\"\u003e\u003ccode\u003ea5a5700\u003c/code\u003e\u003c/a\u003e Fixed bug when specifying wallet_location as the keyword SYSTEM (which is\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/ac85017f86fa2a15bf0e947bf13b248307f2d7e8\"\u003e\u003ccode\u003eac85017\u003c/code\u003e\u003c/a\u003e Fixed bug when specifying a value for the ORA_SDTZ environment variable as one\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/52cfd20b47c36c467026e4f1ac9d92ef75eee9cd\"\u003e\u003ccode\u003e52cfd20\u003c/code\u003e\u003c/a\u003e Merged test files and added tests for validating a connection pool does not\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/afab7137952d574d711cce18c315096dd4d36202\"\u003e\u003ccode\u003eafab713\u003c/code\u003e\u003c/a\u003e Fixed bug causing a connection pool to grow beyond its maximum allowed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/a7b40f112949875a2bb1449ffcb068953cd88999\"\u003e\u003ccode\u003ea7b40f1\u003c/code\u003e\u003c/a\u003e Add missing closing brace!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oracle/python-oracledb/commit/99d9ff0eb77a17cf9b77b6e7f3d2b6942de101cd\"\u003e\u003ccode\u003e99d9ff0\u003c/code\u003e\u003c/a\u003e Include the C library in the matrix to ensure unique artifact names.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oracle/python-oracledb/compare/v4.0.0...v4.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymysql` from 1.1.3 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/releases\"\u003epymysql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the all-dependencies group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1232\"\u003ePyMySQL/PyMySQL#1232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReorganize TLS options: implement PREFERRED/REQUIRED SSL mode behavior by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1234\"\u003ePyMySQL/PyMySQL#1234\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport MySQL 8 row/column alias syntax in \u003ccode\u003eexecutemany\u003c/code\u003e INSERT regex by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1235\"\u003ePyMySQL/PyMySQL#1235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpose SQLSTATE on MySQL protocol exceptions without changing exception formatting by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1236\"\u003ePyMySQL/PyMySQL#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, \u003ccode\u003e±Infinity\u003c/code\u003e) by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1237\"\u003ePyMySQL/PyMySQL#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update outdated requirements and reference links by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1239\"\u003ePyMySQL/PyMySQL#1239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare CHANGELOG for v1.2.0 release from v1.1.3 changes by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1238\"\u003ePyMySQL/PyMySQL#1238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate \u003ccode\u003edb\u003c/code\u003e and \u003ccode\u003epasswd\u003c/code\u003e again by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1240\"\u003ePyMySQL/PyMySQL#1240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate \u003ccode\u003ereconnect\u003c/code\u003e in \u003ccode\u003eConnection.ping()\u003c/code\u003e by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1241\"\u003ePyMySQL/PyMySQL#1241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eConnection.set_charset()\u003c/code\u003e at runtime and document warning behavior by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1243\"\u003ePyMySQL/PyMySQL#1243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.2.0 by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1244\"\u003ePyMySQL/PyMySQL#1244\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1234\"\u003ePyMySQL/PyMySQL#1234\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\"\u003ehttps://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md\"\u003epymysql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eRelease date: 2026-05-19\u003c/p\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eConnection.ping()\u003c/code\u003e change the default to not reconnect and deprecate \u003ccode\u003ereconnect\u003c/code\u003e argument.\nCreate a new connection if you want to reconnect. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1241\"\u003e#1241\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eError classes in Cursor class are removed. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003econnect()\u003c/code\u003e arguments \u003ccode\u003edb\u003c/code\u003e and \u003ccode\u003epasswd\u003c/code\u003e now emit DeprecationWarning.\nUse \u003ccode\u003edatabase\u003c/code\u003e and \u003ccode\u003epassword\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eReorganize TLS connection behavior.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePyMySQL uses TLS by default when server supports it.\nUse \u003ccode\u003essl_disabled=True\u003c/code\u003e to prohibit SSL. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1213\"\u003e#1213\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWhen \u003ccode\u003essl_verify_cert=True\u003c/code\u003e, \u003ccode\u003essl_verify_identity=True\u003c/code\u003e, an \u003ccode\u003essl.SSLContext\u003c/code\u003e is passed,\nor when any other SSL option is configured, the connection \u003cstrong\u003erequires\u003c/strong\u003e SSL and raises\n\u003ccode\u003eOperationalError\u003c/code\u003e (CR_SSL_CONNECTION_ERROR) if the server doesn't support it. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1234\"\u003e#1234\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport MySQL 8 row/column alias syntax in \u003ccode\u003eexecutemany\u003c/code\u003e INSERT regex. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1235\"\u003e#1235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExpose SQLSTATE on MySQL protocol exceptions without changing exception formatting. (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1236\"\u003e#1236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, \u003ccode\u003e±Infinity\u003c/code\u003e). (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1237\"\u003e#1237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eConnection.set_charset(charset)\u003c/code\u003e now emits \u003ccode\u003eDeprecationWarning\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/0f1c324a6b73e34810af3e584f6d32554604488a\"\u003e\u003ccode\u003e0f1c324\u003c/code\u003e\u003c/a\u003e use ubuntu-latest for pypi publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/53b16b22f0fefc64ccf4606f20c87bedcceb1cac\"\u003e\u003ccode\u003e53b16b2\u003c/code\u003e\u003c/a\u003e Release v1.2.0 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1244\"\u003e#1244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/637fe7e6b2b1bc6effefc53d0faccfe3d5036ea5\"\u003e\u003ccode\u003e637fe7e\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eConnection.set_charset()\u003c/code\u003e at runtime and document warning behavior...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/23ca04a357a042db4188adefd04031c205837927\"\u003e\u003ccode\u003e23ca04a\u003c/code\u003e\u003c/a\u003e add AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/7349a44e2b264395bd2d78fe3c9b7fdb26a7e740\"\u003e\u003ccode\u003e7349a44\u003c/code\u003e\u003c/a\u003e deprecate \u003ccode\u003ereconnect\u003c/code\u003e in \u003ccode\u003eConnection.ping()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1241\"\u003e#1241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/ad5c50c254925caf24dbc06832a69f5c5c5ec76b\"\u003e\u003ccode\u003ead5c50c\u003c/code\u003e\u003c/a\u003e update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c963edbf53ac52f9ea6c9717411127d0d7f7061a\"\u003e\u003ccode\u003ec963edb\u003c/code\u003e\u003c/a\u003e Deprecation and removals (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1240\"\u003e#1240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/af6b9b42abcea73d9bfdb0aaff75656171c9cec7\"\u003e\u003ccode\u003eaf6b9b4\u003c/code\u003e\u003c/a\u003e Prepare CHANGELOG for v1.2.0 release from v1.1.3 changes (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1238\"\u003e#1238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c7bf73f1987c3b78debb39a7a074e806178ecc9b\"\u003e\u003ccode\u003ec7bf73f\u003c/code\u003e\u003c/a\u003e docs: update outdated requirements and reference links (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1239\"\u003e#1239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/c532b8d9d515ac5769cd285a5a520afed1e035c1\"\u003e\u003ccode\u003ec532b8d\u003c/code\u003e\u003c/a\u003e Reject non-finite \u003ccode\u003edecimal.Decimal\u003c/code\u003e query parameters (\u003ccode\u003eNaN\u003c/code\u003e, \u003ccode\u003esNaN\u003c/code\u003e, `±Infini...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.3...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.11.0 to 6.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.12.1, 2026-05-22\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.12.0...6.12.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.12.0, 2026-05-21\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement SASLprep (RFC 4013) for AES-256 password normalization (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3780\"\u003e#3780\u003c/a\u003e) by \u003ca href=\"https://github.com/adityamoolya\"\u003e\u003ccode\u003e@​adityamoolya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCID font resource from font file to encode more characters (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3652\"\u003e#3652\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize retrieval of named destinatinos in reader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3442\"\u003e#3442\u003c/a\u003e) by \u003ca href=\"https://github.com/larsga\"\u003e\u003ccode\u003e@​larsga\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix TreeObject.insert_child KeyError on fresh children (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3786\"\u003e#3786\u003c/a\u003e) by \u003ca href=\"https://github.com/Abzaek\"\u003e\u003ccode\u003e@​Abzaek\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppearanceStream: Also honor user-set font name when not flattening annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3781\"\u003e#3781\u003c/a\u003e) by \u003ca href=\"https://github.com/PJBrs\"\u003e\u003ccode\u003e@​PJBrs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.12.1, 2026-05-22\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.12.0...6.12.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.12.0, 2026-05-21\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImplement SASLprep (RFC 4013) for AES-256 password normalization (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3780\"\u003e#3780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCID font resource from font file to encode more characters (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3652\"\u003e#3652\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize retrieval of named destinatinos in reader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3442\"\u003e#3442\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix TreeObject.insert_child KeyError on fresh children (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppearanceStream: Also honor user-set font name when not flattening annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3781\"\u003e#3781\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/228780a5c759feae0ed1c2741ad36ba86e0e1475\"\u003e\u003ccode\u003e228780a\u003c/code\u003e\u003c/a\u003e REL: 6.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62191d5a5c3ee218856d3cbaa039366bc97909f7\"\u003e\u003ccode\u003e62191d5\u003c/code\u003e\u003c/a\u003e SEC: Limit input size and element count for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3796\"\u003e#3796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/e85263124757d277ed463d737fe830920ba7f1ea\"\u003e\u003ccode\u003ee852631\u003c/code\u003e\u003c/a\u003e ROB: Prevent cyclic parent hierarchies for inherited dictionaries (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3795\"\u003e#3795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/6b4bbcc43e6c357b381751f0aa09fcbd5825cd63\"\u003e\u003ccode\u003e6b4bbcc\u003c/code\u003e\u003c/a\u003e ROB: Deal with invalid first code in LZW decoder (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3794\"\u003e#3794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/20c16d372521cf8485756ad1e4d95021b9c94f79\"\u003e\u003ccode\u003e20c16d3\u003c/code\u003e\u003c/a\u003e TST: Update tests for Python 3.15 support (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3793\"\u003e#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/08eb1435ef2e4d1e3d5fe90636c3cee7aa6f4470\"\u003e\u003ccode\u003e08eb143\u003c/code\u003e\u003c/a\u003e REL: 6.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/507d7c9aa6ea83389b954b9c3c0c528fe5d5da70\"\u003e\u003ccode\u003e507d7c9\u003c/code\u003e\u003c/a\u003e SEC: Disallow cross-reference streams with zero-only width values (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9d2747057c4afc06ccc0fc6244a3915ba6ea6f0b\"\u003e\u003ccode\u003e9d27470\u003c/code\u003e\u003c/a\u003e SEC: Avoid excessive whitespace in layout mode text extraction (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3790\"\u003e#3790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0a8e699d33ff1d82fae17b7cfa6d01b822be50b2\"\u003e\u003ccode\u003e0a8e699\u003c/code\u003e\u003c/a\u003e DOC: Block encrypting writer in incremental mode (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3789\"\u003e#3789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/541ebd4e6e0c23dd90f5723210b585655d2a9519\"\u003e\u003ccode\u003e541ebd4\u003c/code\u003e\u003c/a\u003e DEV: Update idna from version 3.10 to 3.15\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.11.0...6.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.28 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3265\"\u003e#3265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/61e385bd6dc438a90493c50f65ed232430f873fb\"\u003e\u003ccode\u003e61e385b\u003c/code\u003e\u003c/a\u003e Add zizmor GitHub Actions security analysis workflow (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3264\"\u003e#3264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.5.0 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.152.7 to 6.152.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.9\u003c/h2\u003e\n\u003cp\u003eThis release substantially improves our internal distribution for\ngenerating integers. This release has the most visible effect on\n\u0026quot;integers()\u0026quot;, but may incidentally improve other strategies which draw\nintegers internally.\u003c/p\u003e\n\u003cp\u003eOur integers distribution had two problems. First, it had jagged\ndiscontinuities at certain values where we switched sampling\napproaches. Second, it used a different distribution for bounded and\nunbounded ranges, which resulted in \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(-2\u003cstrong\u003e64, 2\u003c/strong\u003e64)\u0026quot; producing very different distributions\ndespite being semantically similar.\u003c/p\u003e\n\u003cp\u003eWe now use a smooth distribution for both \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(a, b)\u0026quot;, which fixes both of these issues. This should\nsubstantially improve our testing power in certain cases.\u003c/p\u003e\n\u003cp\u003eThe only way this release should be user-visible is that it finds more\nbugs! If this release is user-visible in other ways - for example,\nbecause it is slower, or produces a worse distribution in some cases -\nplease open an issue.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-9\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.8\u003c/h2\u003e\n\u003cp\u003eThis release drops support for end-of-life Django 4.2.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-8\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/56018dc5d192cb5d58528fcf9dd9799e5744b52c\"\u003e\u003ccode\u003e56018dc\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.9 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/4b976e2a0d4c4120d99afac3df84bd6b440ea1c7\"\u003e\u003ccode\u003e4b976e2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4728\"\u003e#4728\u003c/a\u003e from HypothesisWorks/new-integers-distribution\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/ec394ecb8ecad42e2bba9bd51d61c88be5a497a3\"\u003e\u003ccode\u003eec394ec\u003c/code\u003e\u003c/a\u003e Bump hypothesis-python version to 6.152.8 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/70a31faa9ac2f61bec5ecdc0459bdc82d5aa52af\"\u003e\u003ccode\u003e70a31fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4709\"\u003e#4709\u003c/a\u003e from HypothesisWorks/create-pull-request/patch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/ab53fc1f1fe2df4322d75635afd6cef7c91a91e5\"\u003e\u003ccode\u003eab53fc1\u003c/code\u003e\u003c/a\u003e drop end-of-life Django 4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/0f3d80ecdc6ca245472f2d16859bc3968577bacd\"\u003e\u003ccode\u003e0f3d80e\u003c/code\u003e\u003c/a\u003e sort PYTHONS dict in autoupdate output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/3cdf0c853b41451db9249f96dc6c283fc12d43aa\"\u003e\u003ccode\u003e3cdf0c8\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b5f597533e4ae067c401a5acd529862cb873e4f0\"\u003e\u003ccode\u003eb5f5975\u003c/code\u003e\u003c/a\u003e address typing changes for mypy 2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/14f3bd48bc785ebe2acfd5d94030bb5f5765bfc6\"\u003e\u003ccode\u003e14f3bd4\u003c/code\u003e\u003c/a\u003e Update pinned dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/c1836416f2c1c...\n\n_Description has been truncated_","html_url":"https://github.com/FabioLeitao/data-boar/pull/663","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FabioLeitao%2Fdata-boar/issues/663","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/663/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-22T11:20:30.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4502189583","node_id":"PR_kwDODyT54s7eUjt0","number":1225,"state":"closed","title":"Deps: Bump the python-packages group across 1 directory with 14 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-25T04:38:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T11:20:30.000Z","updated_at":"2026-05-25T04:38:58.000Z","time_to_close":235105,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Deps: Bump","group_name":"python-packages","update_count":14,"packages":[{"name":"tomlkit","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/python-poetry/tomlkit"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"idna","old_version":"3.15","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.9.0","new_version":"0.11.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mdit-py-plugins","old_version":"0.5.0","new_version":"0.6.1","repository_url":"https://github.com/executablebooks/mdit-py-plugins"},{"name":"mypy","old_version":"1.20.2","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.12","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"starlette","old_version":"1.0.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.46.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-packages group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [tomlkit](https://github.com/python-poetry/tomlkit) | `0.14.0` | `0.15.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.16` |\n| [librt](https://github.com/mypyc/librt) | `0.9.0` | `0.11.0` |\n| [mdit-py-plugins](https://github.com/executablebooks/mdit-py-plugins) | `0.5.0` | `0.6.1` |\n| [mypy](https://github.com/python/mypy) | `1.20.2` | `2.1.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.12` | `0.15.14` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.0.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.47.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `tomlkit` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/tomlkit/releases\"\u003etomlkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(spec): update to toml spec v1.1 by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/456\"\u003epython-poetry/tomlkit#456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/455\"\u003epython-poetry/tomlkit#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump virtualenv from 20.26.6 to 20.36.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/454\"\u003epython-poetry/tomlkit#454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/458\"\u003epython-poetry/tomlkit#458\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump pygments from 2.18.0 to 2.20.0 in /docs by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/464\"\u003epython-poetry/tomlkit#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump pygments from 2.17.2 to 2.20.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/463\"\u003epython-poetry/tomlkit#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump requests from 2.32.4 to 2.33.0 in /docs by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/462\"\u003epython-poetry/tomlkit#462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/461\"\u003epython-poetry/tomlkit#461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eType annotations by \u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/460\"\u003epython-poetry/tomlkit#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHonor sort_keys for parsed TOML documents by \u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/471\"\u003epython-poetry/tomlkit#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/469\"\u003epython-poetry/tomlkit#469\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: fix a parser hang by \u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/470\"\u003epython-poetry/tomlkit#470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/472\"\u003epython-poetry/tomlkit#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 0.15.0 and update changelog for release by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/473\"\u003epython-poetry/tomlkit#473\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dimbleby\"\u003e\u003ccode\u003e@​dimbleby\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/460\"\u003epython-poetry/tomlkit#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShipItAndPray\"\u003e\u003ccode\u003e@​ShipItAndPray\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/471\"\u003epython-poetry/tomlkit#471\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\"\u003ehttps://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/tomlkit/blob/master/CHANGELOG.md\"\u003etomlkit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.15.0] - 2026-05-10\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate parser to support TOML spec v1.1.0. (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/pull/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/8694e4d3323df68eb325bf3d5ab7caa66f8c206a\"\u003e\u003ccode\u003e8694e4d\u003c/code\u003e\u003c/a\u003e chore: bump version to 0.15.0 and update changelog for release (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/473\"\u003e#473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/e636a5121260e811dba9fd1c33656021f6855490\"\u003e\u003ccode\u003ee636a51\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/96a4d22fdd07e25742009a6bcd8a2d23e9b5574a\"\u003e\u003ccode\u003e96a4d22\u003c/code\u003e\u003c/a\u003e fix: fix a parser hang (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/470\"\u003e#470\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/843f79992139ec56266f52161b27a3eadd1f6a35\"\u003e\u003ccode\u003e843f799\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/469\"\u003e#469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/2c87eafe7c852d19c1b91a1c9bed4d47bd03816f\"\u003e\u003ccode\u003e2c87eaf\u003c/code\u003e\u003c/a\u003e Honor sort_keys for parsed TOML documents (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/8e32f9cb7fcfbc45e893c34e0e9a590a26675fd6\"\u003e\u003ccode\u003e8e32f9c\u003c/code\u003e\u003c/a\u003e Type annotations (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/df98af48778f865d270d2f53e816d3b0948c8927\"\u003e\u003ccode\u003edf98af4\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/4bd97db2c8fda5cbffc01acc586e3328168bac36\"\u003e\u003ccode\u003e4bd97db\u003c/code\u003e\u003c/a\u003e chore(deps): bump requests from 2.32.4 to 2.33.0 in /docs (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/462\"\u003e#462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/b2d703032bf2e44e680b67f2897c3a7c67be55eb\"\u003e\u003ccode\u003eb2d7030\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pygments from 2.17.2 to 2.20.0 (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/tomlkit/commit/87d98b1d0100c5bd39736eda4cd9cc3d8e24bf48\"\u003e\u003ccode\u003e87d98b1\u003c/code\u003e\u003c/a\u003e chore(deps): bump pygments from 2.18.0 to 2.20.0 in /docs (\u003ca href=\"https://redirect.github.com/python-poetry/tomlkit/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/tomlkit/compare/0.14.0...0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.16\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4e6cbe225a3e0b6e7eed2082086a12cba526e787\"\u003e\u003ccode\u003e4e6cbe2\u003c/code\u003e\u003c/a\u003e Demote installation instruction to usage section\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/223533c34c9e23470e714ed9b1f1c41867177732\"\u003e\u003ccode\u003e223533c\u003c/code\u003e\u003c/a\u003e Merge branch 'readme-simplification' into release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b1640b228a50b3c94ffcf8a664eb6cb186550f3e\"\u003e\u003ccode\u003eb1640b2\u003c/code\u003e\u003c/a\u003e Bump version to 3.16rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/3a861132be61091454aae10c292d98bcfd3cd797\"\u003e\u003ccode\u003e3a86113\u003c/code\u003e\u003c/a\u003e Update history for 3.16 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d4bc9e742b753cff2ec6c53bd4be730863ca9c53\"\u003e\u003ccode\u003ed4bc9e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/246\"\u003e#246\u003c/a\u003e from kjd/python-3.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a21d9fca6b04c47ddbd0303d62bbc0712b55f43d\"\u003e\u003ccode\u003ea21d9fc\u003c/code\u003e\u003c/a\u003e Update deprecation policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/b46492694aa21dc1c3608f59dd5b9620c08b2d0f\"\u003e\u003ccode\u003eb464926\u003c/code\u003e\u003c/a\u003e Raise minimum Python to 3.9 and modernize typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7f3b15e8839f0e404a00054c4072e69347e727f2\"\u003e\u003ccode\u003e7f3b15e\u003c/code\u003e\u003c/a\u003e Explicit example not needed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7530c7020ae2bcf0acff1fafd71fb047a3b117ed\"\u003e\u003ccode\u003e7530c70\u003c/code\u003e\u003c/a\u003e Remove unnecessary print()\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `librt` from 0.9.0 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/862679a0492f4433a286b2d53965ec2603623be1\"\u003e\u003ccode\u003e862679a\u003c/code\u003e\u003c/a\u003e Sync mypy and bump version to 0.11.0 (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/1d5e9b240ac073f10ef389e9e27a2f2647fcd653\"\u003e\u003ccode\u003e1d5e9b2\u003c/code\u003e\u003c/a\u003e Bump version to 0.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mypyc/librt/commit/963673e91ad7482aa46df25f7c68d4a5ced8a712\"\u003e\u003ccode\u003e963673e\u003c/code\u003e\u003c/a\u003e Sync mypy and add smoke tests (\u003ca href=\"https://redirect.github.com/mypyc/librt/issues/38\"\u003e#38\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mypyc/librt/compare/v0.9.0...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mdit-py-plugins` from 0.5.0 to 0.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/releases\"\u003emdit-py-plugins's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.6.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 FIX: Nested field lists incorrectly nesting inside parent containers by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/139\"\u003eexecutablebooks/mdit-py-plugins#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 Release v0.6.1 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/140\"\u003eexecutablebooks/mdit-py-plugins#140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.6.0...v0.6.1\"\u003ehttps://github.com/executablebooks/mdit-py-plugins/compare/v0.6.0...v0.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add AGENTS.md and copilot-setup-steps workflow by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/132\"\u003eexecutablebooks/mdit-py-plugins#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ NEW: Add superscript plugin and tests by \u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/128\"\u003eexecutablebooks/mdit-py-plugins#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Add GFM autolink and composite GFM plugins by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/135\"\u003eexecutablebooks/mdit-py-plugins#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Fix pre-commit by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/136\"\u003eexecutablebooks/mdit-py-plugins#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 Release v0.6.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/137\"\u003eexecutablebooks/mdit-py-plugins#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/132\"\u003eexecutablebooks/mdit-py-plugins#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/pull/128\"\u003eexecutablebooks/mdit-py-plugins#128\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.0\"\u003ehttps://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/blob/master/CHANGELOG.md\"\u003emdit-py-plugins's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.6.1 - 2026-05-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e🐛 FIX: Nested field lists incorrectly nesting inside parent containers (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/139\"\u003e#139\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eField lists inside list items (or other indented containers) would recursively nest each field inside the previous one, instead of being siblings.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.6.0 - 2026-05-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e✨ NEW: Add GFM autolink and composite GFM plugins (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/135\"\u003e#135\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003egfm_autolink\u003c/code\u003e plugin implements \u003ca href=\"https://github.github.com/gfm/#autolinks-extension-\"\u003eGFM autolink literals\u003c/a\u003e,\nauto-linking URLs and email addresses without requiring angle brackets:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003eVisit www.example.com or contact user@example.com\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe \u003ccode\u003egfm\u003c/code\u003e composite plugin enables a full Github Flavored Markdown (GFM)-like configuration in a single call\n(tables, strikethrough, autolinks, task lists, alerts, and footnotes).\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax\"\u003ethe GitHub docs\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eRequires markdown-it-py \u0026gt;= 4.1.0.\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e✨ NEW: Add superscript plugin and tests, thanks to \u003ca href=\"https://github.com/elijahgreenstein\"\u003e\u003ccode\u003e@​elijahgreenstein\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/128\"\u003e#128\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003ePorted from \u003ca href=\"https://github.com/markdown-it/markdown-it-sup\"\u003emarkdown-it-sup\u003c/a\u003e.\nRenders superscript text using \u003ccode\u003e^..^\u003c/code\u003e syntax:\u003c/p\u003e\n\u003cpre lang=\"markdown\"\u003e\u003ccode\u003e29^th^ of May\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/da70e05b7630c38047d1921ef21d1aadc34c1ea9\"\u003e\u003ccode\u003eda70e05\u003c/code\u003e\u003c/a\u003e 🚀 Release v0.6.1 (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/140\"\u003e#140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/f41d88c17c90dac4f9fd77418e1dcc2ba2c4ea9b\"\u003e\u003ccode\u003ef41d88c\u003c/code\u003e\u003c/a\u003e 🐛 FIX: Nested field lists incorrectly nesting inside parent containers (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/b8735072c4a0d406ad29a87f472a638f6d4ac3f5\"\u003e\u003ccode\u003eb873507\u003c/code\u003e\u003c/a\u003e 🚀 Release v0.6.0 (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/b77a18bcb3a8a640dbfc57dcb901fa18cee74bf8\"\u003e\u003ccode\u003eb77a18b\u003c/code\u003e\u003c/a\u003e 🔧 Fix pre-commit (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/136\"\u003e#136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/28a97783ee58785003bc9c84e0821bc3babb35a3\"\u003e\u003ccode\u003e28a9778\u003c/code\u003e\u003c/a\u003e ✨ Add GFM autolink and composite GFM plugins (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/39c681fddac49430ee4a748433bcfae5888b7576\"\u003e\u003ccode\u003e39c681f\u003c/code\u003e\u003c/a\u003e ✨ NEW: Add superscript plugin and tests (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/128\"\u003e#128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/commit/62f00586e872e62a700fb13f65e254c686474fc6\"\u003e\u003ccode\u003e62f0058\u003c/code\u003e\u003c/a\u003e 🔧 Add AGENTS.md and copilot-setup-steps workflow (\u003ca href=\"https://redirect.github.com/executablebooks/mdit-py-plugins/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/executablebooks/mdit-py-plugins/compare/v0.5.0...v0.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eMypy Release Notes\u003c/h1\u003e\n\u003ch2\u003eNext Release\u003c/h2\u003e\n\u003ch2\u003eMypy 2.1\u003c/h2\u003e\n\u003cp\u003eWe’ve just uploaded mypy 2.1.0 to the Python Package Index (\u003ca href=\"https://pypi.org/project/mypy/\"\u003ePyPI\u003c/a\u003e).\nMypy is a static type checker for Python. This release includes new features, performance\nimprovements and bug fixes. You can install it as follows:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython3 -m pip install -U mypy\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eYou can read the full documentation for this release on \u003ca href=\"http://mypy.readthedocs.io\"\u003eRead the Docs\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003elibrt.vecs: Fast Growable Array Type for Mypyc\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.vecs\u003c/code\u003e module provides an efficient growable array type \u003ccode\u003evec\u003c/code\u003e that is\noptimized for mypyc use. It provides fast, packed arrays with integer and floating point\nvalue types, which can be \u003cstrong\u003eseveral times faster\u003c/strong\u003e than \u003ccode\u003elist\u003c/code\u003e, and tens of times faster\nthan \u003ccode\u003earray.array\u003c/code\u003e in code compiled using mypyc. It also supports nested \u003ccode\u003evec\u003c/code\u003e objects and\nnon-value-type items, such as \u003ccode\u003evec[vec[str]]\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_vecs.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo.\u003c/p\u003e\n\u003ch3\u003elibrt.random: Fast Pseudo-Random Number Generation\u003c/h3\u003e\n\u003cp\u003eThe new \u003ccode\u003elibrt.random\u003c/code\u003e module provides fast pseudo-random number generation that is\noptimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib\n\u003ccode\u003erandom\u003c/code\u003e module in compiled code.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca href=\"https://mypyc.readthedocs.io/en/latest/librt_random.html\"\u003edocumentation\u003c/a\u003e for\nthe details.\u003c/p\u003e\n\u003cp\u003eContributed by Jukka Lehtosalo (PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21433\"\u003e21433\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMypyc Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake compilation order with multiple files consistent (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21419\"\u003e21419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on accessing \u003ccode\u003eStopAsyncIteration\u003c/code\u003e (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21406\"\u003e21406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incremental compilation with \u003ccode\u003eseparate\u003c/code\u003e flag (Vaggelis Danias, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21299\"\u003e21299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes to Crashes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash on partial type with \u003ccode\u003e--allow-redefinition\u003c/code\u003e and \u003ccode\u003eglobal\u003c/code\u003e declaration (Jukka Lehtosalo, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21428\"\u003e21428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix broken awaitable generator patching (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21435\"\u003e21435\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges to Messages\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c1c336d7e34eb313080c79b156518c58d27c7234\"\u003e\u003ccode\u003ec1c336d\u003c/code\u003e\u003c/a\u003e Remove +dev from version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/74df14b7cbf08140236aa45bbb7f42219b0b1df7\"\u003e\u003ccode\u003e74df14b\u003c/code\u003e\u003c/a\u003e Add changelog for mypy 2.1 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21464\"\u003e#21464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/022d9bc96f86c40f338a5cf150f1806cc8f300ff\"\u003e\u003ccode\u003e022d9bc\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;TypeForm: Enable by default (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21262\"\u003e#21262\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8826288214f1cb31496e610667481221e025359c\"\u003e\u003ccode\u003e8826288\u003c/code\u003e\u003c/a\u003e [mypyc] Document librt.random (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21463\"\u003e#21463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/3f4067b699dbe52d08e42ef3b3ebfdebdc06bd96\"\u003e\u003ccode\u003e3f4067b\u003c/code\u003e\u003c/a\u003e Bump librt version to 0.11.0 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21458\"\u003e#21458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/2b1eb58a250c5f1eb4ef5fb1f312ff528c5a1d4e\"\u003e\u003ccode\u003e2b1eb58\u003c/code\u003e\u003c/a\u003e [mypyc] Enable incremental self-compilation (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21369\"\u003e#21369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/8152f4af3f6c03beaf2660026240f0fdce7feecc\"\u003e\u003ccode\u003e8152f4a\u003c/code\u003e\u003c/a\u003e Respect file config comments for stale modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21444\"\u003e#21444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/116d60bdd3fdfe8d97c6afe99370910db56f1b92\"\u003e\u003ccode\u003e116d60b\u003c/code\u003e\u003c/a\u003e Fix nondeterminism from nonassociativity of overload joins (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21455\"\u003e#21455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/6c4af8e42110cea3f84bc02add2ca7b89c268210\"\u003e\u003ccode\u003e6c4af8e\u003c/code\u003e\u003c/a\u003e Fix function call message change for small number of args (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21432\"\u003e#21432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/4b8fdcaf24032592510e8f15421fb32d82a71800\"\u003e\u003ccode\u003e4b8fdca\u003c/code\u003e\u003c/a\u003e [mypyc] Add librt.random module (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21433\"\u003e#21433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.12 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9ad2da3015e5faf73bdc5f1d09df3e47238e3edf\"\u003e\u003ccode\u003e9ad2da3\u003c/code\u003e\u003c/a\u003e Bump 0.15.14 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25295\"\u003e#25295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c714e84952510696c05ec21b0158a3548898f594\"\u003e\u003ccode\u003ec714e84\u003c/code\u003e\u003c/a\u003e [ty] Modernize setup of union types in mdtests (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25291\"\u003e#25291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/8a8e35ebfe318e2467a0f276e5d1a3a9032a55ad\"\u003e\u003ccode\u003e8a8e35e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parame...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/aea5ed4d278017057c2e842c6c3a2e92ad71495f\"\u003e\u003ccode\u003eaea5ed4\u003c/code\u003e\u003c/a\u003e Avoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e9d72bb420f26c23e6660bfce4dfa0028b931bff\"\u003e\u003ccode\u003ee9d72bb\u003c/code\u003e\u003c/a\u003e [ty] Allow enum member accesses on \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25077\"\u003e#25077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6cbd59b511a92d5f408db57bde33367c0d47b672\"\u003e\u003ccode\u003e6cbd59b\u003c/code\u003e\u003c/a\u003e Set \u003ccode\u003eexclude-newer = \u0026quot;7 days\u0026quot;\u003c/code\u003e in our PEP-723 scripts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25285\"\u003e#25285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/9999a3967ae28fe3295131e8883b6947f272a076\"\u003e\u003ccode\u003e9999a39\u003c/code\u003e\u003c/a\u003e Update code example on how to update Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67d8c544f0d1c526a2fc60d4bb1358fd7956d178\"\u003e\u003ccode\u003e67d8c54\u003c/code\u003e\u003c/a\u003e [ty] Retain recursively-defined state in binary expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25277\"\u003e#25277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/25a3191140dc0467f9d196f35c128fefde269261\"\u003e\u003ccode\u003e25a3191\u003c/code\u003e\u003c/a\u003e [ty] Refine Callable class-decorator fallback for unknown results (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25250\"\u003e#25250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/c423054dc09e5b644c926b6b527b6accfbe693e9\"\u003e\u003ccode\u003ec423054\u003c/code\u003e\u003c/a\u003e Add a recursion limit to the parser (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.12...0.15.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 1.0.0 to 1.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3279\"\u003eKludex/starlette#3279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/1.0.0...1.0.1\"\u003ehttps://github.com/Kludex/starlette/compare/1.0.0...1.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.1 (May 21, 2026)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e \u003ca href=\"https://redirect.github.com/encode/starlette/pull/3279\"\u003e#3279\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/48f8e331b23ca692f4713ac1f370bff1b5cd034c\"\u003e\u003ccode\u003e48f8e33\u003c/code\u003e\u003c/a\u003e Version 1.0.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3281\"\u003e#3281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/f078832be1aa27ab0e7ec3153479a347749e967a\"\u003e\u003ccode\u003ef078832\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3280\"\u003e#3280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/472951eba8f6e35be845fd1b91625a1b5488294b\"\u003e\u003ccode\u003e472951e\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group with 2 updates (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3277\"\u003e#3277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/764dab0dcfb9033d75442d7a359645c9f94648c6\"\u003e\u003ccode\u003e764dab0\u003c/code\u003e\u003c/a\u003e Ignore malformed \u003ccode\u003eHost\u003c/code\u003e header when constructing \u003ccode\u003erequest.url\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3279\"\u003e#3279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/19d08115ce56da8d4da2838ecdd9c5882cb2b365\"\u003e\u003ccode\u003e19d0811\u003c/code\u003e\u003c/a\u003e Harden GitHub Actions workflows and Dependabot config (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3276\"\u003e#3276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/01f46378120fe2c6312074ed7e997e3b5f7d8c20\"\u003e\u003ccode\u003e01f4637\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.10 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3274\"\u003e#3274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b8fa5140d2ef9f22483d777e936ab4c2df897179\"\u003e\u003ccode\u003eb8fa514\u003c/code\u003e\u003c/a\u003e docs: fix typos in TestClient docs and test_requests comment (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3266\"\u003e#3266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/e935b6b5d4616c2317bbdadfb4cf07a8e7637955\"\u003e\u003ccode\u003ee935b6b\u003c/code\u003e\u003c/a\u003e fix uvicorn domain (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3269\"\u003e#3269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/96af9521a7e46bc0d00b5227186f03b70b6d242f\"\u003e\u003ccode\u003e96af952\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/...\n\n_Description has been truncated_","html_url":"https://github.com/greenbone/pontos/pull/1225","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fpontos/issues/1225","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1225/packages"}},{"old_version":"5.3.1","new_version":"6.1.0","update_type":"major","path":null,"pr_created_at":"2026-05-21T00:35:58.000Z","version_change":"5.3.1 → 6.1.0","issue":{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"6.1.0","new_version":"6.1.1","update_type":"patch","path":null,"pr_created_at":"2026-05-21T00:20:49.000Z","version_change":"6.1.0 → 6.1.1","issue":{"uuid":"4490760425","node_id":"PR_kwDOQ9oP0c7dvfm7","number":57,"state":"open","title":"build(deps): bump the pip-minor-patch group with 5 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-21T00:20:49.000Z","updated_at":"2026-05-21T00:23:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip-minor-patch","update_count":5,"packages":[{"name":"requests","old_version":"2.34.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"lxml","old_version":"6.1.0","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"openai","old_version":"2.36.0","new_version":"2.37.0","repository_url":"https://github.com/openai/openai-python"},{"name":"transformers","old_version":"5.8.1","new_version":"5.9.0","repository_url":"https://github.com/huggingface/transformers"},{"name":"huggingface-hub","old_version":"1.14.0","new_version":"1.15.0","repository_url":"https://github.com/huggingface/huggingface_hub"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-minor-patch group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.34.1` | `2.34.2` |\n| [lxml](https://github.com/lxml/lxml) | `6.1.0` | `6.1.1` |\n| [openai](https://github.com/openai/openai-python) | `2.36.0` | `2.37.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.8.1` | `5.9.0` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.14.0` | `1.15.0` |\n\nUpdates `requests` from 2.34.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.1.0 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.1.0...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.36.0 to 2.37.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/658be644f48028ea3c7b1545034470fda75a70ba\"\u003e\u003ccode\u003e658be64\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3213\"\u003e#3213\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/8a7cac34cbc64fe02854beb3659f4bb5f46815f9\"\u003e\u003ccode\u003e8a7cac3\u003c/code\u003e\u003c/a\u003e release: 2.37.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/9b4bf8edbac6aab217f1ac4436a47cbca2cad43b\"\u003e\u003ccode\u003e9b4bf8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/1903\"\u003e#1903\u003c/a\u003e from stainless-sdks/dev/jtian/remove-unnecessary-params\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003e\u003ccode\u003ec39ea8d\u003c/code\u003e\u003c/a\u003e feat: Remove unnecessary client_id when using workload identity provider for ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e\u003ccode\u003e7e527bc\u003c/code\u003e\u003c/a\u003e feat(internal/types): support eagerly validating pydantic iterators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e\u003ccode\u003e625827c\u003c/code\u003e\u003c/a\u003e feat(api): add service_tier parameter to responses compact method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003e\u003ccode\u003ec85ebd9\u003c/code\u003e\u003c/a\u003e fix(client): add missing f-string prefix in file type error message\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.8.1 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease v5.9.0\u003c/h1\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eCohere2Moe\u003c/h3\u003e\n\u003cp\u003eCommand A+ is a Mixture-of-Experts (MoE) language model from Cohere that features a hybrid attention pattern combining sliding window and full attention layers. The model incorporates both shared and routed experts and supports a very large context window for processing extensive text sequences.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/cohere2_moe\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd new cohere2_moe model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46115\"\u003e#46115\u003c/a\u003e) by \u003ca href=\"https://github.com/Cyrilvallez\"\u003e\u003ccode\u003e@​Cyrilvallez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46115\"\u003e#46115\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eParakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eParakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e) by \u003ca href=\"https://github.com/lmaksym\"\u003e\u003ccode\u003e@​lmaksym\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eHRM-Text\u003c/h3\u003e\n\u003cp\u003eHRM-Text is an improved autoregressive language-modeling variant of the Hierarchical Reasoning Model (HRM) that uses a hierarchical recurrent forward pass with two transformer stacks - one for slow, abstract planning (H) and one for fast, detailed computation (L) - reused inside a nested recurrence. It features PrefixLM attention where instruction tokens attend bidirectionally while response tokens attend causally, per-head sigmoid output gates, and parameterless RMSNorm. The model is designed as a base language model without instruction tuning or chat templates.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/hrm_text\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2506.21734\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd hrm text (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46025\"\u003e#46025\u003c/a\u003e) by \u003ca href=\"https://github.com/abcd1927\"\u003e\u003ccode\u003e@​abcd1927\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46025\"\u003e#46025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking changes\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003etext_embeds\u003c/code\u003e input for SAM3, EdgeTAM, and SAM3-Lite-Text models now expects full text embeddings instead of just pooler outputs, aligning with other models in the library — users must update their inputs accordingly.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🚨Fix memory leaks caused by lru decorators in vision models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45922\"\u003e#45922\u003c/a\u003e) by \u003ca href=\"https://github.com/yonigozlan\"\u003e\u003ccode\u003e@​yonigozlan\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAudio\u003c/h2\u003e\n\u003cp\u003eAudio support was expanded with the addition of AudioFlamingoNext model checkpoints and improved compilability of audio/vision encoders via standalone pure functions. Additional improvements include better error messaging when loading audio from video files and new documentation for audio/video processors.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003euser friendly error when loading audio from video (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e) by \u003ca href=\"https://github.com/eustlb\"\u003e\u003ccode\u003e@​eustlb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[docs] adding audio/video processors (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45795\"\u003e#45795\u003c/a\u003e) by \u003ca href=\"https://github.com/stevhliu\"\u003e\u003ccode\u003e@​stevhliu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45795\"\u003e#45795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Audio Flamingo Next checkpoints (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44830\"\u003e#44830\u003c/a\u003e) by \u003ca href=\"https://github.com/lashahub\"\u003e\u003ccode\u003e@​lashahub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44830\"\u003e#44830\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract dynamic vision/audio tensors into standalone pure functions (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45396\"\u003e#45396\u003c/a\u003e) by \u003ca href=\"https://github.com/IlyasMoutawwakil\"\u003e\u003ccode\u003e@​IlyasMoutawwakil\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45396\"\u003e#45396\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eGeneration\u003c/h2\u003e\n\u003cp\u003eFixed generation issues including \u003ccode\u003einputs_embeds\u003c/code\u003e and \u003ccode\u003eper_layer_inputs\u003c/code\u003e handling for Gemma4, an \u003ccode\u003eAttributeError\u003c/code\u003e in RAG's \u003ccode\u003egenerate()\u003c/code\u003e caused by missing config fields, and flaky VLM generation tests by blocking special image tokens during sampling.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix Gemma4 generation from inputs_embeds and per_layer_inputs (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e) by \u003ca href=\"https://github.com/Cyrilvallez\"\u003e\u003ccode\u003e@​Cyrilvallez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AttributeError in RAG generate() for missing config fields (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46035\"\u003e#46035\u003c/a\u003e) by \u003ca href=\"https://github.com/Sriniketh24\"\u003e\u003ccode\u003e@​Sriniketh24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46035\"\u003e#46035\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0a2757da521a7a49b8143d9e0c938f08747d682e\"\u003e\u003ccode\u003e0a2757d\u003c/code\u003e\u003c/a\u003e release v5.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e370a7f3f49c3c759cf8c7c01a935ce0e00c3f44\"\u003e\u003ccode\u003ee370a7f\u003c/code\u003e\u003c/a\u003e fix cohere2 tp_plan for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/f59ffd1ef95634f9b0317ec5d8d43d71e3604a10\"\u003e\u003ccode\u003ef59ffd1\u003c/code\u003e\u003c/a\u003e Add new cohere2_moe model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46115\"\u003e#46115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/4f41f261efcfd71ce08db2890b7c632cc9ffc0bc\"\u003e\u003ccode\u003e4f41f26\u003c/code\u003e\u003c/a\u003e [loading] Free up tensors faster inside ConversionOps (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46110\"\u003e#46110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/d5dd7eed2f7d5b2ccba569e150647ef275e56365\"\u003e\u003ccode\u003ed5dd7ee\u003c/code\u003e\u003c/a\u003e Fix post processing RF-DETR (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46041\"\u003e#46041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0b25f8c49c37530ce9f8742d7a8c19ed8d254d7d\"\u003e\u003ccode\u003e0b25f8c\u003c/code\u003e\u003c/a\u003e [serve] Support for reasoning  (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45690\"\u003e#45690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0df9b7fcaab447c75543598e6d959065c2296a24\"\u003e\u003ccode\u003e0df9b7f\u003c/code\u003e\u003c/a\u003e Fix Gemma4 generation from inputs_embeds and per_layer_inputs (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46049\"\u003e#46049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/38a8b55f22d593c103e8bcc616413e70a5ef03ca\"\u003e\u003ccode\u003e38a8b55\u003c/code\u003e\u003c/a\u003e Parakeet tdt (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/44171\"\u003e#44171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/3428030a179620b01cb598928b6cc7d5e5e60990\"\u003e\u003ccode\u003e3428030\u003c/code\u003e\u003c/a\u003e Remove mask visualization tool from \u003ccode\u003emasking_utils.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46066\"\u003e#46066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/dda06506142a0efe4081a0ab574fbd3c7c72dc37\"\u003e\u003ccode\u003edda0650\u003c/code\u003e\u003c/a\u003e user friendly error when loading audio from video (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45221\"\u003e#45221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.8.1...v5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `huggingface-hub` from 1.14.0 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/huggingface_hub/releases\"\u003ehuggingface-hub's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v1.15.0] Region-aware buckets \u0026amp; repos, \u003ccode\u003ehf skills list\u003c/code\u003e, polished CLI help and more\u003c/h2\u003e\n\u003ch2\u003e🌍 Pick a region when creating buckets and repos\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003ecreate_bucket\u003c/code\u003e and \u003ccode\u003ecreate_repo\u003c/code\u003e now accept an optional \u003ccode\u003eregion\u003c/code\u003e argument (\u003ccode\u003e\u0026quot;us\u0026quot;\u003c/code\u003e or \u003ccode\u003e\u0026quot;eu\u0026quot;\u003c/code\u003e) so you can pin a new bucket or repo to a specific cloud region at creation time. The same option is exposed on the CLI via a \u003ccode\u003e--region\u003c/code\u003e flag on \u003ccode\u003ehf buckets create\u003c/code\u003e and \u003ccode\u003ehf repos create\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\u0026gt;\u0026gt;\u0026gt; from huggingface_hub import create_bucket, create_repo\r\n\u0026gt;\u0026gt;\u0026gt; create_bucket(\u0026quot;my-bucket\u0026quot;, region=\u0026quot;us\u0026quot;)\r\n\u0026gt;\u0026gt;\u0026gt; create_repo(\u0026quot;my-model\u0026quot;, region=\u0026quot;eu\u0026quot;)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e$ hf buckets create my-bucket --region us\r\n$ hf repos create username/my-model --region eu\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003e[Bucket/Repo] Support 'region' option in create_bucket and create_repo by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4194\"\u003e#4194\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧩 Discover marketplace skills with \u003ccode\u003ehf skills list\u003c/code\u003e\u003c/h2\u003e\n\u003cp\u003eA new \u003ccode\u003ehf skills list\u003c/code\u003e (alias \u003ccode\u003els\u003c/code\u003e) command lists every skill available in the Hugging Face marketplace and shows whether each one is already installed in the four supported locations (project, global, project Claude, global Claude). Handy when you want to check what's installable and what you've already got before running \u003ccode\u003ehf skills add\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e$ hf skills ls\r\nNAME                        DESCRIPTION                         PROJECT PROJECT (CLAUDE) GLOBAL GLOBAL (CLAUDE)\r\n--------------------------- ----------------------------------- ------- ---------------- ------ ---------------\r\nhf-cli                      Execute Hugging Face Hub operati...     yes              yes    yes             yes                                \r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Add \u003ccode\u003ehf skills list\u003c/code\u003e command by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4180\"\u003e#4180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🎨 Polished \u003ccode\u003e--help\u003c/code\u003e output with ANSI styling\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003ehf --help\u003c/code\u003e and every subcommand now render with underlined section headings and bold option/command names, making the help screens much easier to scan in a terminal. The new styling is automatically disabled when \u003ccode\u003eNO_COLOR\u003c/code\u003e is set or when the CLI detects it's running under an AI agent, so script and agent output stays clean.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Pretty-print \u003ccode\u003e--help\u003c/code\u003e with ANSI styling by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4192\"\u003e#4192\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🖥️ CLI\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CLI] Check Homebrew registry for updates when installed via brew by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4204\"\u003e#4204\u003c/a\u003e — \u003ccode\u003ehf update\u003c/code\u003e no longer suggests a version that isn't on \u003ccode\u003ebrew\u003c/code\u003e yet for Homebrew installs.\u003c/li\u003e\n\u003cli\u003e[CLI] No traceback on LocalEntryNotFoundError by \u003ca href=\"https://github.com/Wauplin\"\u003e\u003ccode\u003e@​Wauplin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4190\"\u003e#4190\u003c/a\u003e — offline/cache-miss errors now print a clean message instead of a Python traceback (set \u003ccode\u003eHF_DEBUG=1\u003c/code\u003e for the full stack).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug and typo fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake HF_HUB_ENABLE_HF_TRANSFER deprecation warning visible to users by \u003ca href=\"https://github.com/Adithya191101\"\u003e\u003ccode\u003e@​Adithya191101\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4220\"\u003e#4220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix hint message to use 'hf skills update' by \u003ca href=\"https://github.com/Pierrci\"\u003e\u003ccode\u003e@​Pierrci\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4206\"\u003e#4206\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📖 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[docs] Drop duplicated Key Features list from hf jobs CLI section by \u003ca href=\"https://github.com/davanstrien\"\u003e\u003ccode\u003e@​davanstrien\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4222\"\u003e#4222\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/bb6d939c601785c0d2ee23a261a2f49dfd08e394\"\u003e\u003ccode\u003ebb6d939\u003c/code\u003e\u003c/a\u003e Release: v1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/69413ea8a75f820235b57ffdce872fa5845496cd\"\u003e\u003ccode\u003e69413ea\u003c/code\u003e\u003c/a\u003e Release: v1.15.0.rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/dee49643a7c5f8c78d908d747f5e7242755fb032\"\u003e\u003ccode\u003edee4964\u003c/code\u003e\u003c/a\u003e Make HF_HUB_ENABLE_HF_TRANSFER deprecation warning visible to users (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/7023faf3b9d443c06f68c6a508d2150f3b9704b4\"\u003e\u003ccode\u003e7023faf\u003c/code\u003e\u003c/a\u003e [docs] Drop duplicated Key Features list from hf jobs CLI section (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4222\"\u003e#4222\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/1f57da2ffb989f6ad991fa935a1695ff98a4e484\"\u003e\u003ccode\u003e1f57da2\u003c/code\u003e\u003c/a\u003e Only sync skill if SKILL.md has changed (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4210\"\u003e#4210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/9c05199c41e8a1dc20082a25af2d6927a4c21002\"\u003e\u003ccode\u003e9c05199\u003c/code\u003e\u003c/a\u003e Fix hint message to use 'hf skills update' (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4206\"\u003e#4206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/230c624a2aa8c61835b75574d45d446e0f9a6f07\"\u003e\u003ccode\u003e230c624\u003c/code\u003e\u003c/a\u003e [CLI] No traceback on LocalEntryNotFoundError (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4190\"\u003e#4190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/3d85543db77d91e3400b2d95d120e634ee31f4ec\"\u003e\u003ccode\u003e3d85543\u003c/code\u003e\u003c/a\u003e [CLI] Add \u003ccode\u003ehf skills list\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4180\"\u003e#4180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/04195e041bd4bfbb5c5c8f32308106ea6590cd97\"\u003e\u003ccode\u003e04195e0\u003c/code\u003e\u003c/a\u003e [CLI] Pretty-print \u003ccode\u003e--help\u003c/code\u003e with ANSI styling (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4192\"\u003e#4192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/huggingface_hub/commit/0c75ef9205338d08e1c4531e8339be080f03820c\"\u003e\u003ccode\u003e0c75ef9\u003c/code\u003e\u003c/a\u003e [CLI] Check Homebrew registry for updates when installed via brew (\u003ca href=\"https://redirect.github.com/huggingface/huggingface_hub/issues/4204\"\u003e#4204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/huggingface_hub/compare/v1.14.0...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Xelanidog/LoiClair/pull/57","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xelanidog%2FLoiClair/issues/57","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/57/packages"}},{"old_version":"4.9.1","new_version":"6.1.0","update_type":"major","path":null,"pr_created_at":"2026-05-19T23:50:15.000Z","version_change":"4.9.1 → 6.1.0","issue":{"uuid":"4481937417","node_id":"PR_kwDOOx5pCM7dTHL-","number":175,"state":"open","title":"chore(deps): bump the pip group across 20 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T23:50:15.000Z","updated_at":"2026-05-19T23:51:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"certifi","old_version":"2022.12.7","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"cryptography","old_version":"36.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"h11","old_version":"0.13.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.3","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"4.9.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"pyopenssl","old_version":"22.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"requests","old_version":"2.27.1","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.63.0","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"1.26.19","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /examples/benchmarks/ADARNN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ADD directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/ALSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GATs directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/GRU directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/HIST directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/IGMTF directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/LSTM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Localformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/MLP directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/SFM directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCN directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TCTS directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/TFT directory: [tensorflow-gpu](https://github.com/tensorflow/tensorflow).\nBumps the pip group with 2 updates in the /examples/benchmarks/TRA directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 2 updates in the /examples/benchmarks/TabNet directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks/Transformer directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/benchmarks_dynamic/DDG-DA directory: [torch](https://github.com/pytorch/pytorch).\nBumps the pip group with 1 update in the /examples/hyperparameter/LightGBM directory: [lightgbm](https://github.com/microsoft/LightGBM).\nBumps the pip group with 9 updates in the /scripts/data_collector/br_index directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2022.12.7` | `2024.7.4` |\n| [cryptography](https://github.com/pyca/cryptography) | `36.0.1` | `46.0.7` |\n| [h11](https://github.com/python-hyper/h11) | `0.13.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.3` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `4.9.1` | `6.1.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.0.0` | `26.0.0` |\n| [requests](https://github.com/psf/requests) | `2.27.1` | `2.33.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.19` | `2.7.0` |\n\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.8.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/blob/main/RELEASE.md\"\u003etorch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleasing PyTorch\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-compatibility-matrix\"\u003eRelease Compatibility Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-cuda-support-matrix\"\u003ePyTorch CUDA Support Matrix\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-cadence\"\u003eRelease Cadence\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#general-overview\"\u003eGeneral Overview\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#frequently-asked-questions\"\u003eFrequently Asked Questions\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-a-release-branch-preparations\"\u003eCutting a release branch preparations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cutting-release-branches\"\u003eCutting release branches\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorchpytorch\"\u003e\u003ccode\u003epytorch/pytorch\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#pytorch-ecosystem-libraries\"\u003ePyTorch ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-pytorch\"\u003eMaking release branch specific changes for PyTorch\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#making-release-branch-specific-changes-for-ecosystem-libraries\"\u003eMaking release branch specific changes for ecosystem libraries\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#running-launch-execution-team-core-xfn-sync\"\u003eRunning Launch Execution team Core XFN sync\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"#drafting-rcs-release-candidates-for-pytorch-and-domain-libraries\"\u003eDrafting RCs (https://github.com/pytorch/pytorch/blob/main/Release Candidates) for PyTorch and domain libraries\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-storage\"\u003eRelease Candidate Storage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#release-candidate-health-validation\"\u003eRelease Candidate health validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-fixes\"\u003eCherry Picking Fixes\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#how-to-do-cherry-picking\"\u003eHow to do Cherry Picking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#cherry-picking-reverts\"\u003eCherry Picking Reverts\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#preparing-and-creating-final-release-candidate\"\u003ePreparing and Creating Final Release Candidate\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#promoting-rcs-to-stable\"\u003ePromoting RCs to Stable\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#additional-steps-to-prepare-for-release-day\"\u003eAdditional Steps to prepare for release day\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#modify-release-matrix\"\u003eModify release matrix\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#open-google-colab-issue\"\u003eOpen Google Colab issue\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-releases\"\u003ePatch Releases\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-criteria\"\u003ePatch Release Criteria\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process\"\u003ePatch Release Process\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#patch-release-process-description\"\u003ePatch Release Process Description\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triage\"\u003eTriage\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#issue-tracker-for-patch-releases\"\u003eIssue Tracker for Patch releases\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-a-release-schedule--cherry-picking\"\u003eBuilding a release schedule / cherry picking\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#building-binaries--promotion-to-stable\"\u003eBuilding Binaries / Promotion to Stable\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#hardware--software-support-in-binary-build-matrix\"\u003eHardware / Software Support in Binary Build Matrix\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#python\"\u003ePython\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#accelerator-software\"\u003eAccelerator Software\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-support-cases\"\u003eSpecial support cases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#operating-systems\"\u003eOperating Systems\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#submitting-tutorials\"\u003eSubmitting Tutorials\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#special-topics\"\u003eSpecial Topics\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#updating-submodules-for-a-release\"\u003eUpdating submodules for a release\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/main/#triton-dependency-for-the-release\"\u003eTriton dependency for the release\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eRelease Compatibility Matrix\u003c/h2\u003e\n\u003cp\u003eFollowing is the Release Compatibility Matrix for PyTorch releases:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/ba56102387ef21a3b04b357e5b183d48f0afefc7\"\u003e\u003ccode\u003eba56102\u003c/code\u003e\u003c/a\u003e Cherrypick: Add the RunLLM widget to the website (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/159592\"\u003e#159592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c525a02c89217181b5731d8043c7309a84e84066\"\u003e\u003ccode\u003ec525a02\u003c/code\u003e\u003c/a\u003e [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/15\"\u003e#15\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a1cb3cc05d46d198467bebbb6e8fba50a325d4e7\"\u003e\u003ccode\u003ea1cb3cc\u003c/code\u003e\u003c/a\u003e [Release Only] Remove nvshmem from list of preload libraries (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158925\"\u003e#158925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/c76b2356bc31654de2af0c98cce1bef291f06f89\"\u003e\u003ccode\u003ec76b235\u003c/code\u003e\u003c/a\u003e Move out super large one off foreach_copy test (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158880\"\u003e#158880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/20a0e225a01d4ebbffd44a6a59acff628359c772\"\u003e\u003ccode\u003e20a0e22\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Dynamo] Allow inlining into AO quantization modules (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/152934\"\u003e#152934\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158\"\u003e#158\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9167ac8c75481e2beb3746aa37b7f48a213c631e\"\u003e\u003ccode\u003e9167ac8\u003c/code\u003e\u003c/a\u003e [MPS] Switch Cholesky  decomp to column wise (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158237\"\u003e#158237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5534685c62399db8d1e51b47e2dcbc17deaab230\"\u003e\u003ccode\u003e5534685\u003c/code\u003e\u003c/a\u003e [MPS] Reimplement \u003ccode\u003etri[ul]\u003c/code\u003e as Metal shaders (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158867\"\u003e#158867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/d19e08d74b2a27e661bf57a9015014b757e8ea31\"\u003e\u003ccode\u003ed19e08d\u003c/code\u003e\u003c/a\u003e Cherry pick PR 158746 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158801\"\u003e#158801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/a6c044ab9aa14f0864c6a572f7c023432511c5ea\"\u003e\u003ccode\u003ea6c044a\u003c/code\u003e\u003c/a\u003e [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/620ebd0646252bbb22524f5c252ec7e9ab977bee\"\u003e\u003ccode\u003e620ebd0\u003c/code\u003e\u003c/a\u003e [Dynamo] Use proper sources for constructing dataclass defaults (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/158689\"\u003e#158689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v1.7.0...v2.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 0.23.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/0.23.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 1.7.0 to 2.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/qlib/pull/175","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Fqlib/issues/175","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/175/packages"}},{"old_version":"6.0.4","new_version":"6.1.1","update_type":"minor","path":null,"pr_created_at":"2026-05-19T10:45:11.000Z","version_change":"6.0.4 → 6.1.1","issue":{"uuid":"4476682648","node_id":"PR_kwDOR0tLLM7dB9Hg","number":59,"state":"open","title":"chore(deps): bump the python-non-major group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T10:45:11.000Z","updated_at":"2026-05-19T10:51:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-non-major","update_count":28,"packages":[{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"lxml","old_version":"6.0.4","new_version":"6.1.1","repository_url":"https://github.com/lxml/lxml"},{"name":"ruff","old_version":"0.14.8","new_version":"0.15.13","repository_url":"https://github.com/astral-sh/ruff"},{"name":"datamodel-code-generator","old_version":"0.45.0","new_version":"0.57.0","repository_url":"https://github.com/koxudaxi/datamodel-code-generator"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"presidio-analyzer","old_version":"2.2.361","new_version":"2.2.362","repository_url":"https://github.com/Microsoft/presidio"},{"name":"spacy","old_version":"3.8.11","new_version":"3.8.14","repository_url":"https://github.com/explosion/spaCy"},{"name":"torch","old_version":"2.10.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"onnxruntime","old_version":"1.24.2","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"pillow","old_version":"12.1.1","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"datasketch","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/ekzhu/datasketch"},{"name":"sentence-transformers","old_version":"5.2.3","new_version":"5.5.0","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"datasets","old_version":"4.6.0","new_version":"4.8.5","repository_url":"https://github.com/huggingface/datasets"},{"name":"gliner2","old_version":"1.3.0","new_version":"1.3.1","repository_url":"https://github.com/fastino-ai/GLiNER2"},{"name":"chardet","old_version":"7.4.2","new_version":"7.4.3","repository_url":"https://github.com/chardet/chardet"},{"name":"docling","old_version":"2.93.0","new_version":"2.94.0","repository_url":"https://github.com/docling-project/docling"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pymysql","old_version":"1.1.2","new_version":"1.2.0","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"databricks-sql-connector","old_version":"4.2.5","new_version":"4.2.6","repository_url":"https://github.com/databricks/databricks-sql-python"},{"name":"snowflake-connector-python","old_version":"4.3.0","new_version":"4.5.0","repository_url":"https://github.com/snowflakedb/snowflake-connector-python"},{"name":"pymongo","old_version":"4.16.0","new_version":"4.17.0","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"boto3","old_version":"1.42.56","new_version":"1.43.10","repository_url":"https://github.com/boto/boto3"},{"name":"azure-storage-blob","old_version":"12.28.0","new_version":"12.29.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"azure-identity","old_version":"1.25.2","new_version":"1.25.3","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"google-cloud-storage","old_version":"3.9.0","new_version":"3.10.1","repository_url":"https://github.com/googleapis/python-storage"},{"name":"opentelemetry-sdk","old_version":"1.41.0","new_version":"1.42.0","repository_url":"https://github.com/open-telemetry/opentelemetry-python"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-non-major group with 27 updates in the /apps/cli directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.4` | `6.1.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.8` | `0.15.13` |\n| [datamodel-code-generator](https://github.com/koxudaxi/datamodel-code-generator) | `0.45.0` | `0.57.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [presidio-analyzer](https://github.com/Microsoft/presidio) | `2.2.361` | `2.2.362` |\n| [spacy](https://github.com/explosion/spaCy) | `3.8.11` | `3.8.14` |\n| [torch](https://github.com/pytorch/pytorch) | `2.10.0` | `2.12.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.24.2` | `1.26.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.1` | `12.2.0` |\n| [datasketch](https://github.com/ekzhu/datasketch) | `1.9.0` | `1.10.0` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.2.3` | `5.5.0` |\n| [datasets](https://github.com/huggingface/datasets) | `4.6.0` | `4.8.5` |\n| [gliner2](https://github.com/fastino-ai/GLiNER2) | `1.3.0` | `1.3.1` |\n| [chardet](https://github.com/chardet/chardet) | `7.4.2` | `7.4.3` |\n| [docling](https://github.com/docling-project/docling) | `2.93.0` | `2.94.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.2` | `1.2.0` |\n| [databricks-sql-connector](https://github.com/databricks/databricks-sql-python) | `4.2.5` | `4.2.6` |\n| [snowflake-connector-python](https://github.com/snowflakedb/snowflake-connector-python) | `4.3.0` | `4.5.0` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.16.0` | `4.17.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.56` | `1.43.10` |\n| [azure-storage-blob](https://github.com/Azure/azure-sdk-for-python) | `12.28.0` | `12.29.0` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.25.2` | `1.25.3` |\n| [google-cloud-storage](https://github.com/googleapis/python-storage) | `3.9.0` | `3.10.1` |\n| [opentelemetry-sdk](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.0` |\n\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/v2.13.4/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.4 to 6.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.1 (2026-05-18)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eThe known link attributes in \u003ccode\u003elxml.html.defs.link_attrs\u003c/code\u003e were missing \u003ccode\u003exlink:href\u003c/code\u003e,\nwhich can be used for URL bypass attacks in embedded SVG/MathML/etc. content.\n\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\"\u003ehttps://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-4jhm-jv67-739f\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Linux wheels use a patched libxslt 1.1.43, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 and CVE-2025-11731.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/b4a4c595fb875d6f50ae113449834209a364643a\"\u003e\u003ccode\u003eb4a4c59\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/a116dcbe671a792dd65bc73f53a8209e7d7c25ff\"\u003e\u003ccode\u003ea116dcb\u003c/code\u003e\u003c/a\u003e Fix typo: type annotions -\u0026gt; type annotations in PEP 560 comments (\u003ca href=\"https://redirect.github.com/lxml/lxml/issues/504\"\u003eGH-504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/7287a75eedc4cdc247a7937d09013e936c34ace6\"\u003e\u003ccode\u003e7287a75\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5927a6d5e851845140975d99b65461e255caaab0\"\u003e\u003ccode\u003e5927a6d\u003c/code\u003e\u003c/a\u003e Add missing \u0026quot;xlink:href\u0026quot; to the known HTML link attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/23efeb4910e43e9545b754ce1f138d91ed5cc25c\"\u003e\u003ccode\u003e23efeb4\u003c/code\u003e\u003c/a\u003e Build: Fix build in Py3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/2c0563b3e8c272e62667c7850612347f65d2952e\"\u003e\u003ccode\u003e2c0563b\u003c/code\u003e\u003c/a\u003e Build: Add bug patch for libxslt 1.1.43 and apply it during the static librar...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/8a35fcc3ed53975c762867c3ac8ae318c7960be7\"\u003e\u003ccode\u003e8a35fcc\u003c/code\u003e\u003c/a\u003e Fix doctest in PyPy3.9.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.4...lxml-6.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.8 to 0.15.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.13\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-14.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a rule to flag lazy imports that are eagerly evaluated (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25016\"\u003e#25016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Standardize diagnostic message (\u003ccode\u003ePLR0914\u003c/code\u003e, \u003ccode\u003ePLR0917\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24996\"\u003e#24996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eF811\u003c/code\u003e false positive for class methods (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24933\"\u003e#24933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix setting selection for multi-folder workspace (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24819\"\u003e#24819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix false positive for lines with leading whitespace (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25122\"\u003e#25122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pyi\u003c/code\u003e] Fix false positive for f-string debug specifier (\u003ccode\u003ePYI016\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24098\"\u003e#24098\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways include panic payload in panic diagnostic message (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24873\"\u003e#24873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict \u003ccode\u003ePYI034\u003c/code\u003e for in-place operations to enclosing class (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24511\"\u003e#24511\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error message for parameters that are declared \u003ccode\u003eglobal\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24902\"\u003e#24902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known stdlib (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25103\"\u003e#25103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd TOML examples to \u003ccode\u003e--config\u003c/code\u003e help text (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25013\"\u003e#25013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eColorize ruff check 'All checks passed' (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25085\"\u003e#25085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIncrease max allowed value of \u003ccode\u003eline-length\u003c/code\u003e setting (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24962\"\u003e#24962\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eD203\u003c/code\u003e to rules that conflict with the formatter (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25044\"\u003e#25044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify \u003ccode\u003eCOM819\u003c/code\u003e and formatter interaction (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25045\"\u003e#25045\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClarify that \u003ccode\u003eNotImplemented\u003c/code\u003e is a value, not an exception (\u003ccode\u003eF901\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25054\"\u003e#25054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate number of lint rules supported (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24942\"\u003e#24942\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSimplify the playground's markdown template (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24924\"\u003e#24924\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2afb467ce397e4a89c13a0a814c62cfecb0e9e49\"\u003e\u003ccode\u003e2afb467\u003c/code\u003e\u003c/a\u003e Bump 0.15.13 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25157\"\u003e#25157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/300879600fa3af7cde1e675c63de6ad9d0797d1b\"\u003e\u003ccode\u003e3008796\u003c/code\u003e\u003c/a\u003e [ty] classify TypeVar semantic tokens as type parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24891\"\u003e#24891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/79470e31877acb6074f3bbff2a49e508822ae4e8\"\u003e\u003ccode\u003e79470e3\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eisort\u003c/code\u003e] Avoid constructing \u003ccode\u003eglob::Pattern\u003c/code\u003es for literal known modules (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25123\"\u003e#25123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/2522549901d50f18775999f0fb802b19229417f0\"\u003e\u003ccode\u003e2522549\u003c/code\u003e\u003c/a\u003e Remove shellcheck from prek (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25154\"\u003e#25154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7db7170020f539d6d2bc01dbd0b0c09fab91dc06\"\u003e\u003ccode\u003e7db7170\u003c/code\u003e\u003c/a\u003e [ty] Support TypedDict key completions in incomplete, anonymous contexts (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25\"\u003e#25\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bb3dd535f1c5a83e2e56ac93a771fadbeeceebd0\"\u003e\u003ccode\u003ebb3dd53\u003c/code\u003e\u003c/a\u003e [ty] Run full iteration analysis on narrowed typevars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25143\"\u003e#25143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/828cdb7732efcb16a53f4ee5f011cf653b834d1a\"\u003e\u003ccode\u003e828cdb7\u003c/code\u003e\u003c/a\u003e [ty] Isolate file-watching test environment (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25151\"\u003e#25151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/89e1d8670ea4d3af60c8143ee552dc750200718d\"\u003e\u003ccode\u003e89e1d86\u003c/code\u003e\u003c/a\u003e [ty] Preserve TypedDict keys through dict unpacking (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/24523\"\u003e#24523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/86f3064d6fffa5697d174f26b840bd6857b381da\"\u003e\u003ccode\u003e86f3064\u003c/code\u003e\u003c/a\u003e [ty] Avoid accessing \u003ccode\u003eargs[0]\u003c/code\u003e for \u003ccode\u003estatic_assert\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25149\"\u003e#25149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/ed819f947dc27e36eac8bb3134153c4668d76a3a\"\u003e\u003ccode\u003eed819f9\u003c/code\u003e\u003c/a\u003e [ty] Treat custom enum \u003ccode\u003e__new__\u003c/code\u003e values as dynamic (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25136\"\u003e#25136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.14.8...0.15.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `datamodel-code-generator` from 0.45.0 to 0.57.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases\"\u003edatamodel-code-generator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.57.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch3\u003eCode Generation Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e--use-default\u003c/code\u003e no longer makes required fields nullable - Previously, \u003ccode\u003e--use-default\u003c/code\u003e turned required fields into optional nullable fields (e.g., \u003ccode\u003estatus: str | None = 'active'\u003c/code\u003e). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., \u003ccode\u003estatus: str = 'active'\u003c/code\u003e). Users whose downstream code depends on these fields being \u003ccode\u003eOptional\u003c/code\u003e/nullable will need to update. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequired model-ref fields no longer render defaults without \u003ccode\u003e--use-default\u003c/code\u003e - Previously, required fields referencing models (e.g., \u003ccode\u003eshipping_address: Address\u003c/code\u003e) inconsistently rendered defaults with \u003ccode\u003evalidate_default=True\u003c/code\u003e while scalar required fields did not. Now all required fields consistently omit defaults unless \u003ccode\u003e--use-default\u003c/code\u003e is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Template Update Required\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuilt-in Jinja2 templates now use \u003ccode\u003efield.use_default_with_required\u003c/code\u003e - The built-in templates for \u003ccode\u003eBaseModel\u003c/code\u003e, \u003ccode\u003edataclass\u003c/code\u003e, \u003ccode\u003epydantic_v2/dataclass\u003c/code\u003e, and \u003ccode\u003emsgspec\u003c/code\u003e were updated to check \u003ccode\u003efield.use_default_with_required\u003c/code\u003e alongside \u003ccode\u003efield.required\u003c/code\u003e when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., \u003ccode\u003e{%- if not field.required %}\u003c/code\u003e) will still work but won't support the new \u003ccode\u003e--use-default\u003c/code\u003e behavior for required fields. To get the updated behavior, custom templates should change conditions like \u003ccode\u003enot field.required\u003c/code\u003e to \u003ccode\u003e(not field.required or field.use_default_with_required)\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden workflow credentials by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3095\"\u003ekoxudaxi/datamodel-code-generator#3095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release automation workflows by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3110\"\u003ekoxudaxi/datamodel-code-generator#3110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce shared assertions in e2e tests by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3108\"\u003ekoxudaxi/datamodel-code-generator#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docs preview required check by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3112\"\u003ekoxudaxi/datamodel-code-generator#3112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix required field default rendering and --use-default nullable types by \u003ca href=\"https://github.com/butvinm\"\u003e\u003ccode\u003e@​butvinm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3054\"\u003ekoxudaxi/datamodel-code-generator#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused CLI doc schema version lookup by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3113\"\u003ekoxudaxi/datamodel-code-generator#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix byte to binary type mapping by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3114\"\u003ekoxudaxi/datamodel-code-generator#3114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate generated docs sync PRs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3117\"\u003ekoxudaxi/datamodel-code-generator#3117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport local HTTP ref paths by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3116\"\u003ekoxudaxi/datamodel-code-generator#3116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reuse discriminator literals by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3115\"\u003ekoxudaxi/datamodel-code-generator#3115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocstrings that can be single line to be formatted on a single line by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3107\"\u003ekoxudaxi/datamodel-code-generator#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix indefinite hang on OpenAPI schemas with cyclic model dependencies by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3078\"\u003ekoxudaxi/datamodel-code-generator#3078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAPI enum literal alias regression test by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3124\"\u003ekoxudaxi/datamodel-code-generator#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pydantic model extra warnings by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3127\"\u003ekoxudaxi/datamodel-code-generator#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix snake case array discriminator by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3125\"\u003ekoxudaxi/datamodel-code-generator#3125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix serialization alias choices by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3126\"\u003ekoxudaxi/datamodel-code-generator#3126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix generated docs sync prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3129\"\u003ekoxudaxi/datamodel-code-generator#3129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd manual generated docs sync trigger by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3130\"\u003ekoxudaxi/datamodel-code-generator#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse source tree for generated prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3132\"\u003ekoxudaxi/datamodel-code-generator#3132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate enum member descriptions for anyOf const pattern by \u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/blob/main/CHANGELOG.md\"\u003edatamodel-code-generator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases/tag/0.57.0\"\u003e0.57.0\u003c/a\u003e - 2026-05-07\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch3\u003eCode Generation Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e--use-default\u003c/code\u003e no longer makes required fields nullable - Previously, \u003ccode\u003e--use-default\u003c/code\u003e turned required fields into optional nullable fields (e.g., \u003ccode\u003estatus: str | None = 'active'\u003c/code\u003e). Now required fields keep their original non-nullable type and just get the default value rendered (e.g., \u003ccode\u003estatus: str = 'active'\u003c/code\u003e). Users whose downstream code depends on these fields being \u003ccode\u003eOptional\u003c/code\u003e/nullable will need to update. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequired model-ref fields no longer render defaults without \u003ccode\u003e--use-default\u003c/code\u003e - Previously, required fields referencing models (e.g., \u003ccode\u003eshipping_address: Address\u003c/code\u003e) inconsistently rendered defaults with \u003ccode\u003evalidate_default=True\u003c/code\u003e while scalar required fields did not. Now all required fields consistently omit defaults unless \u003ccode\u003e--use-default\u003c/code\u003e is passed. Users who relied on the previous behavior where model-ref required fields had defaults rendered will see those defaults removed. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCustom Template Update Required\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuilt-in Jinja2 templates now use \u003ccode\u003efield.use_default_with_required\u003c/code\u003e - The built-in templates for \u003ccode\u003eBaseModel\u003c/code\u003e, \u003ccode\u003edataclass\u003c/code\u003e, \u003ccode\u003epydantic_v2/dataclass\u003c/code\u003e, and \u003ccode\u003emsgspec\u003c/code\u003e were updated to check \u003ccode\u003efield.use_default_with_required\u003c/code\u003e alongside \u003ccode\u003efield.required\u003c/code\u003e when deciding whether to render defaults. Custom templates that replicate the old default-rendering logic (e.g., \u003ccode\u003e{%- if not field.required %}\u003c/code\u003e) will still work but won't support the new \u003ccode\u003e--use-default\u003c/code\u003e behavior for required fields. To get the updated behavior, custom templates should change conditions like \u003ccode\u003enot field.required\u003c/code\u003e to \u003ccode\u003e(not field.required or field.use_default_with_required)\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3054\"\u003e#3054\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden workflow credentials by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3095\"\u003ekoxudaxi/datamodel-code-generator#3095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release automation workflows by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3110\"\u003ekoxudaxi/datamodel-code-generator#3110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnforce shared assertions in e2e tests by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3108\"\u003ekoxudaxi/datamodel-code-generator#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix docs preview required check by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3112\"\u003ekoxudaxi/datamodel-code-generator#3112\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix required field default rendering and --use-default nullable types by \u003ca href=\"https://github.com/butvinm\"\u003e\u003ccode\u003e@​butvinm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3054\"\u003ekoxudaxi/datamodel-code-generator#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused CLI doc schema version lookup by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3113\"\u003ekoxudaxi/datamodel-code-generator#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix byte to binary type mapping by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3114\"\u003ekoxudaxi/datamodel-code-generator#3114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate generated docs sync PRs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3117\"\u003ekoxudaxi/datamodel-code-generator#3117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport local HTTP ref paths by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3116\"\u003ekoxudaxi/datamodel-code-generator#3116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reuse discriminator literals by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3115\"\u003ekoxudaxi/datamodel-code-generator#3115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocstrings that can be single line to be formatted on a single line by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3107\"\u003ekoxudaxi/datamodel-code-generator#3107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix indefinite hang on OpenAPI schemas with cyclic model dependencies by \u003ca href=\"https://github.com/kevin-paulson-mindbridge-ai\"\u003e\u003ccode\u003e@​kevin-paulson-mindbridge-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3078\"\u003ekoxudaxi/datamodel-code-generator#3078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OpenAPI enum literal alias regression test by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3124\"\u003ekoxudaxi/datamodel-code-generator#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pydantic model extra warnings by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3127\"\u003ekoxudaxi/datamodel-code-generator#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix snake case array discriminator by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3125\"\u003ekoxudaxi/datamodel-code-generator#3125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix serialization alias choices by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3126\"\u003ekoxudaxi/datamodel-code-generator#3126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix generated docs sync prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3129\"\u003ekoxudaxi/datamodel-code-generator#3129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd manual generated docs sync trigger by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3130\"\u003ekoxudaxi/datamodel-code-generator#3130\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse source tree for generated prompt snapshots by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3132\"\u003ekoxudaxi/datamodel-code-generator#3132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate enum member descriptions for anyOf const pattern by \u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow generated prompt snapshot updates by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3134\"\u003ekoxudaxi/datamodel-code-generator#3134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWrite generated prompt snapshots directly by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3135\"\u003ekoxudaxi/datamodel-code-generator#3135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve tox python preference for generated docs by \u003ca href=\"https://github.com/koxudaxi\"\u003e\u003ccode\u003e@​koxudaxi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3136\"\u003ekoxudaxi/datamodel-code-generator#3136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSync generated docs by \u003ca href=\"https://github.com/dcg-generated-docs\"\u003e\u003ccode\u003e@​dcg-generated-docs\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3137\"\u003ekoxudaxi/datamodel-code-generator#3137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mvanhorn\"\u003e\u003ccode\u003e@​mvanhorn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3133\"\u003ekoxudaxi/datamodel-code-generator#3133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dcg-generated-docs\"\u003e\u003ccode\u003e@​dcg-generated-docs\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3137\"\u003ekoxudaxi/datamodel-code-generator#3137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/compare/0.56.1...0.57.0\"\u003ehttps://github.com/koxudaxi/datamodel-code-generator/compare/0.56.1...0.57.0\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/releases/tag/0.56.1\"\u003e0.56.1\u003c/a\u003e - 2026-04-16\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e--base-class-map\u003c/code\u003e and \u003ccode\u003e--enum-field-as-literal-map\u003c/code\u003e long inline json support by \u003ca href=\"https://github.com/ilovelinux\"\u003e\u003ccode\u003e@​ilovelinux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/pull/3075\"\u003ekoxudaxi/datamodel-code-generator#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/d0aa6ab9912603a5e8b7c78ff62a1893078542d4\"\u003e\u003ccode\u003ed0aa6ab\u003c/code\u003e\u003c/a\u003e docs: sync generated docs (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3137\"\u003e#3137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/7bd643f3dacdd9f09093bc06a61b0eef49319451\"\u003e\u003ccode\u003e7bd643f\u003c/code\u003e\u003c/a\u003e Preserve tox python preference for generated docs (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/64f218a5711dfde954e50eb6b50c47b254fd35b4\"\u003e\u003ccode\u003e64f218a\u003c/code\u003e\u003c/a\u003e Write generated prompt snapshots directly (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3135\"\u003e#3135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/a7d1e9c47a8603ffd7668264a4e8fe02553d0f90\"\u003e\u003ccode\u003ea7d1e9c\u003c/code\u003e\u003c/a\u003e Allow generated prompt snapshot updates (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3134\"\u003e#3134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/9210c193922c52949e288e8f68e195d56acd34b4\"\u003e\u003ccode\u003e9210c19\u003c/code\u003e\u003c/a\u003e Propagate enum member descriptions for anyOf const pattern (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3133\"\u003e#3133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/928ba552f4190f0b4c2390d135dcbbb6048ddfc3\"\u003e\u003ccode\u003e928ba55\u003c/code\u003e\u003c/a\u003e Use source tree for generated prompt snapshots (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3132\"\u003e#3132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/b59971413184e9151882cb0b5906acbf3b3f4df8\"\u003e\u003ccode\u003eb599714\u003c/code\u003e\u003c/a\u003e Add manual generated docs sync trigger (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3130\"\u003e#3130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/93f2bce292f82fde15fe7ad8d4e0eeb2c7fdbb12\"\u003e\u003ccode\u003e93f2bce\u003c/code\u003e\u003c/a\u003e Fix generated docs sync prompt snapshots (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3129\"\u003e#3129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/919f191f896af8bf62d7aafe9e19a98cf9a05efc\"\u003e\u003ccode\u003e919f191\u003c/code\u003e\u003c/a\u003e Fix serialization alias choices (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3126\"\u003e#3126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/commit/90b0729b303be4246e4ce9babf825d0e4170b9f7\"\u003e\u003ccode\u003e90b0729\u003c/code\u003e\u003c/a\u003e Fix snake case array discriminator (\u003ca href=\"https://redirect.github.com/koxudaxi/datamodel-code-generator/issues/3125\"\u003e#3125\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/koxudaxi/datamodel-code-generator/compare/0.45.0...0.57.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `presidio-analyzer` from 2.2.361 to 2.2.362\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Microsoft/presidio/releases\"\u003epresidio-analyzer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 2.2.362\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature - GPU Device Control via Environment Variable by \u003ca href=\"https://github.com/RonShakutai\"\u003e\u003ccode\u003e@​RonShakutai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1844\"\u003emicrosoft/presidio#1844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add HuggingFaceNerRecognizer for direct NER model inference by \u003ca href=\"https://github.com/ultramancode\"\u003e\u003ccode\u003e@​ultramancode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1834\"\u003emicrosoft/presidio#1834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Broken Links by \u003ca href=\"https://github.com/andyjessen\"\u003e\u003ccode\u003e@​andyjessen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1856\"\u003emicrosoft/presidio#1856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin dependencies to mitigate supply chain attacks by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1861\"\u003emicrosoft/presidio#1861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing CVE-2024-47874 and CVE-2025-54121 by \u003ca href=\"https://github.com/SharonHart\"\u003e\u003ccode\u003e@​SharonHart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1860\"\u003emicrosoft/presidio#1860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixing CVE-2025-2953 and CVE-2025-3730 by \u003ca href=\"https://github.com/SharonHart\"\u003e\u003ccode\u003e@​SharonHart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1859\"\u003emicrosoft/presidio#1859\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Fixed context enhancement substring matching bug  by \u003ca href=\"https://github.com/ravi-jindal\"\u003e\u003ccode\u003e@​ravi-jindal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1827\"\u003emicrosoft/presidio#1827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix _process_names unconditionally treating all metadata as PHI by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1855\"\u003emicrosoft/presidio#1855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add UK Postcode (UK_POSTCODE) recognizer by \u003ca href=\"https://github.com/tee-jagz\"\u003e\u003ccode\u003e@​tee-jagz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1858\"\u003emicrosoft/presidio#1858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin ruff and build pip installs by hash for OSSF scorecard compliance by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1864\"\u003emicrosoft/presidio#1864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd US NPI (National Provider Identifier) recognizer by \u003ca href=\"https://github.com/stevenelliottjr\"\u003e\u003ccode\u003e@​stevenelliottjr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1847\"\u003emicrosoft/presidio#1847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd transformer-based MedicalNERRecognizer for clinical entity detection by \u003ca href=\"https://github.com/stevenelliottjr\"\u003e\u003ccode\u003e@​stevenelliottjr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1853\"\u003emicrosoft/presidio#1853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add Nigeria recognizers (National Identity Number and Vehicle Registration) by \u003ca href=\"https://github.com/tee-jagz\"\u003e\u003ccode\u003e@​tee-jagz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1863\"\u003emicrosoft/presidio#1863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix validation_result type in api docs and type hint by \u003ca href=\"https://github.com/akios-ai\"\u003e\u003ccode\u003e@​akios-ai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1869\"\u003emicrosoft/presidio#1869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 6.0.0 to 6.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1879\"\u003emicrosoft/presidio#1879\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github/codeql-action from 3.32.3 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1878\"\u003emicrosoft/presidio#1878\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/dependency-review-action from 3.1.5 to 4.8.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1877\"\u003emicrosoft/presidio#1877\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump microsoft/security-devops-action from 1.11.0 to 1.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1876\"\u003emicrosoft/presidio#1876\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/github-script from 7.0.1 to 8.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1875\"\u003emicrosoft/presidio#1875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump azure/login from 2.1.1 to 2.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1874\"\u003emicrosoft/presidio#1874\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/setup-buildx-action from 3.7.1 to 3.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1873\"\u003emicrosoft/presidio#1873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4.2.0 to 5.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/microsoft/presidio/pull/1872\"\u003emicrosoft...\n\n_Description has been truncated_","html_url":"https://github.com/classifyre-com/classifyre/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/classifyre-com%2Fclassifyre/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}}]}