{"id":9420,"name":"mistune","ecosystem":"pip","repository_url":"https://github.com/lepture/mistune","issues_count":259,"created_at":"2025-06-06T22:34:31.902Z","updated_at":"2025-06-06T22:34:31.902Z","purl":"pkg:pypi/mistune","metadata":{"id":2803289,"name":"mistune","ecosystem":"pypi","description":"A sane and fast Markdown parser with useful plugins and renderers","homepage":null,"licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/lepture/mistune","keywords_array":[],"namespace":null,"versions_count":47,"first_release_published_at":"2014-02-26T03:19:08.000Z","latest_release_published_at":"2025-03-19T14:27:23.000Z","latest_release_number":"3.1.3","last_synced_at":"2025-06-07T00:31:23.178Z","created_at":"2022-04-10T11:36:52.095Z","updated_at":"2025-06-07T00:31:23.178Z","registry_url":"https://pypi.org/project/mistune/","install_command":"pip install mistune --index-url https://pypi.org/simple","documentation_url":"https://mistune.lepture.com/","metadata":{"funding":null,"documentation":"https://mistune.lepture.com/","classifiers":["Development Status :: 4 - Beta","Environment :: Console","Environment :: Web Environment","Intended Audience :: Developers","License :: OSI Approved :: BSD License","Operating System :: OS Independent","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Text Processing :: Markup"],"normalized_name":"mistune"},"repo_metadata":{"id":14237580,"uuid":"16944764","full_name":"lepture/mistune","owner":"lepture","description":"A fast yet powerful Python Markdown parser with renderers and plugins.","archived":false,"fork":false,"pushed_at":"2025-05-21T14:16:46.000Z","size":1240,"stargazers_count":2779,"open_issues_count":44,"forks_count":258,"subscribers_count":43,"default_branch":"main","last_synced_at":"2025-05-27T20:03:29.074Z","etag":null,"topics":["markdown"],"latest_commit_sha":null,"homepage":"http://mistune.lepture.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lepture.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["lepture"],"patreon":"lepture","open_collective":null,"ko_fi":null,"tidelift":"pypi/mistune","custom":"https://lepture.com/donate"}},"created_at":"2014-02-18T10:13:04.000Z","updated_at":"2025-05-27T07:05:08.000Z","dependencies_parsed_at":"2024-01-17T10:01:22.645Z","dependency_job_id":"58b8fe8e-8a17-4e24-8018-a8c11b938a30","html_url":"https://github.com/lepture/mistune","commit_stats":{"total_commits":640,"total_committers":46,"mean_commits":13.91304347826087,"dds":0.109375,"last_synced_commit":"0772c78bc0a62771768278263ef740345f58c0f0"},"previous_names":[],"tags_count":47,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lepture","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257505020,"owners_count":22555741,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"lepture","name":"Hsiaoming Yang","uuid":"290496","kind":"user","description":"This guy is too lazy to introduce himself.","email":"","website":"https://lepture.com","location":"Japan","twitter":"lepture","company":"@hsiaoming ","icon_url":"https://avatars.githubusercontent.com/u/290496?v=4","repositories_count":183,"last_synced_at":"2025-06-01T10:03:06.286Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/lepture","funding_links":["https://github.com/sponsors/lepture"],"total_stars":14296,"followers":8756,"following":81,"created_at":"2022-11-02T16:23:25.851Z","updated_at":"2025-06-01T10:03:06.286Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lepture","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lepture/repositories"},"tags":[{"name":"v3.1.3","sha":"45e4de61b8897fe5b0458d5ebe3d3cc7bde408d2","kind":"commit","published_at":"2025-03-19T14:26:24.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.1.3","html_url":"https://github.com/lepture/mistune/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"253dc767a7274d5d316170416c5029b05ca66f85","kind":"commit","published_at":"2025-02-19T03:40:27.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.1.2","html_url":"https://github.com/lepture/mistune/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"9058e0ddb4d34dab43e18d71db3af8038f74b65f","kind":"commit","published_at":"2025-01-28T13:31:19.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.1.1","html_url":"https://github.com/lepture/mistune/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"177a0ceefd23a8ebc7f7efb5c89c0be8023ae3bf","kind":"commit","published_at":"2024-12-30T02:06:06.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.1.0","html_url":"https://github.com/lepture/mistune/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.1.0/manifests"},{"name":"v3.0.2","sha":"f997c86335d8a5d8435aac08b66ed3cba9381b51","kind":"commit","published_at":"2023-09-29T23:57:10.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.2","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"7f6bd7c16baf61d63dabc3f5ac123ba150e834d3","kind":"commit","published_at":"2023-06-09T23:53:43.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.1","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.1/manifests"},{"name":"v3.0.0","sha":"4222ee11c119fc8b308c6f8137f35a394e08065b","kind":"commit","published_at":"2023-06-08T08:47:55.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0/manifests"},{"name":"v3.0.0rc5","sha":"8a75e568e3861e3818d520ac812ca03036f3ca11","kind":"commit","published_at":"2023-03-22T13:02:12.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0rc5","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0rc5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc5/manifests"},{"name":"v2.0.5","sha":"cb580e89e67ef9b4827daf43afd2058bdf5e58d2","kind":"commit","published_at":"2023-02-07T05:42:19.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.5","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.5/manifests"},{"name":"v3.0.0rc4","sha":"ed91259ad3a3d0ac4d2936d721bf2f855ba45f99","kind":"commit","published_at":"2022-11-30T08:46:49.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0rc4","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0rc4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc4/manifests"},{"name":"v3.0.0rc3","sha":"6c43c5031c599abd8ad8f42c906633f5e859e9f0","kind":"commit","published_at":"2022-11-25T12:15:36.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0rc3","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc3/manifests"},{"name":"v3.0.0rc2","sha":"507a3bf38cbb5dfad42cb664a93bacddeac02010","kind":"commit","published_at":"2022-11-06T06:57:00.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0rc2","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc2/manifests"},{"name":"v3.0.0rc1","sha":"f9258fc5769b560a9f2c8f15ee2d72cd32a1cd31","kind":"commit","published_at":"2022-09-26T11:42:48.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0rc1","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0rc1/manifests"},{"name":"v2.0.4","sha":"b92a5febd4da3d7097a3d2b8d7cac6f5d57ea20c","kind":"commit","published_at":"2022-07-14T23:26:55.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.4","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.4/manifests"},{"name":"v3.0.0a3","sha":"46c6b3ce7486d3dddcda6bc4e61c27525451c1d4","kind":"commit","published_at":"2022-07-14T05:59:07.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0a3","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0a3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a3/manifests"},{"name":"v3.0.0a2","sha":"b0b7a66140e9d1e668b6bc79e1135f902572cc45","kind":"commit","published_at":"2022-07-12T22:51:52.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0a2","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0a2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a2/manifests"},{"name":"v3.0.0a1","sha":"e6b3330ca05cd820cb2fb5d9f353c4fb5d18631f","kind":"commit","published_at":"2022-07-12T11:40:04.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v3.0.0a1","html_url":"https://github.com/lepture/mistune/releases/tag/v3.0.0a1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v3.0.0a1/manifests"},{"name":"v2.0.3","sha":"3f422f1e84edae0f39756c45be453ecde534b755","kind":"commit","published_at":"2022-07-01T15:10:44.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.3","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.3/manifests"},{"name":"v2.0.2","sha":"799cd118cc5e664b72e98410ce1b68645f1a38c0","kind":"commit","published_at":"2022-01-14T06:27:29.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.2","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.2/manifests"},{"name":"v2.0.1","sha":"3e8d35215120ac82176f300dd5e20c0bea5464ea","kind":"commit","published_at":"2021-12-30T10:35:05.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.1","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"e8fc67cc73bc8afcb0a620d2d4b762efff182516","kind":"commit","published_at":"2021-12-05T08:12:24.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0/manifests"},{"name":"v2.0.0rc1","sha":"d88194741a3790ab9ab707d985d18fa01eee1acf","kind":"commit","published_at":"2021-02-16T08:18:06.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0rc1","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0rc1/manifests"},{"name":"v2.0.0a6","sha":"6b1400ba27931f269e6bd21797b0be59c3e945a5","kind":"commit","published_at":"2020-11-26T02:57:46.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a6","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a6/manifests"},{"name":"v2.0.0a5","sha":"463635d17c99841e4609b26e8bbd2c4163c58e96","kind":"commit","published_at":"2020-09-02T05:53:18.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a5","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a5/manifests"},{"name":"v2.0.0a4","sha":"5e720dcac14c4b26af2da98b8d90b9d299347f1b","kind":"commit","published_at":"2020-04-19T12:12:17.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a4","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a4/manifests"},{"name":"v2.0.0a3","sha":"a9e3dc494d7d6130f363001a17799b01fcd7fc4c","kind":"commit","published_at":"2020-04-11T06:06:36.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a3","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a3/manifests"},{"name":"v2.0.0a2","sha":"dcaf974a6bf8e70bdee57d7333b6eac0a2ff14c5","kind":"commit","published_at":"2020-01-01T12:12:13.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a2","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a2/manifests"},{"name":"v2.0.0a1","sha":"3d10584e25fdc3fbd42e3ad4602ecf859c671c04","kind":"commit","published_at":"2019-12-07T12:18:26.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v2.0.0a1","html_url":"https://github.com/lepture/mistune/releases/tag/v2.0.0a1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v2.0.0a1/manifests"},{"name":"v0.8.4","sha":"6470c42b2087a4649ad0437227cf7b5c570c3a91","kind":"commit","published_at":"2018-10-11T06:58:49.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.8.4","html_url":"https://github.com/lepture/mistune/releases/tag/v0.8.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.4/manifests"},{"name":"v0.8.3","sha":"92b7f32664bad1a4b3740ee81eda47e5246e780f","kind":"commit","published_at":"2017-12-04T05:01:44.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.8.3","html_url":"https://github.com/lepture/mistune/releases/tag/v0.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.3/manifests"},{"name":"v0.8.2","sha":"b8da37ec3d0e6f63273e37a7c47a0f00bd477db0","kind":"commit","published_at":"2017-12-04T04:57:27.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.8.2","html_url":"https://github.com/lepture/mistune/releases/tag/v0.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.2/manifests"},{"name":"v0.8.1","sha":"cef69acaa506567595e95ab6ecea25a806de622e","kind":"commit","published_at":"2017-11-20T15:17:28.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.8.1","html_url":"https://github.com/lepture/mistune/releases/tag/v0.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8.1/manifests"},{"name":"v0.8","sha":"7f7f106a717e6cf58012304e56b41d6fb2b98e5f","kind":"commit","published_at":"2017-10-26T17:01:52.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.8","html_url":"https://github.com/lepture/mistune/releases/tag/v0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.8/manifests"},{"name":"v0.7.4","sha":"714e60a20a7efe0923bc39991d989b3ef3324690","kind":"commit","published_at":"2017-03-14T06:57:45.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.7.4","html_url":"https://github.com/lepture/mistune/releases/tag/v0.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.4/manifests"},{"name":"v0.7.3","sha":"b93f3f17f8ec21f99cdc2e39215aebf1a900f20a","kind":"commit","published_at":"2016-06-28T07:59:37.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.7.3","html_url":"https://github.com/lepture/mistune/releases/tag/v0.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.3/manifests"},{"name":"v0.7.2","sha":"28f31d3b4f612d592d2e04d67705306d479c54c2","kind":"commit","published_at":"2016-02-26T01:42:04.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.7.2","html_url":"https://github.com/lepture/mistune/releases/tag/v0.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.2/manifests"},{"name":"v0.7.1","sha":"878f92bdb224a8b7830e8c33952bd2f368e5d711","kind":"commit","published_at":"2015-08-22T15:29:14.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.7.1","html_url":"https://github.com/lepture/mistune/releases/tag/v0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7.1/manifests"},{"name":"v0.7","sha":"8e060f31c7cb94a2d5f727e5519dbf19be14b992","kind":"commit","published_at":"2015-07-18T12:41:50.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.7","html_url":"https://github.com/lepture/mistune/releases/tag/v0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.7/manifests"},{"name":"v0.6","sha":"a4d88bbc98a0fa8998416550b1ffb803c6bd2e53","kind":"commit","published_at":"2015-06-17T06:18:48.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.6","html_url":"https://github.com/lepture/mistune/releases/tag/v0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.6/manifests"},{"name":"v0.5.1","sha":"9304c3a2c55c8992001ffcd386e007c31195d2e6","kind":"commit","published_at":"2015-03-10T08:48:58.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.5.1","html_url":"https://github.com/lepture/mistune/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.5.1/manifests"},{"name":"v0.5","sha":"cf1c5b496f582c84c5edefa0c9a284dbc7281a66","kind":"commit","published_at":"2014-12-05T04:36:58.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.5","html_url":"https://github.com/lepture/mistune/releases/tag/v0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.5/manifests"},{"name":"v0.4.1","sha":"852e04d81fe8ed6f983e3d9a8836a94f277bb22e","kind":"commit","published_at":"2014-10-12T01:34:33.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.4.1","html_url":"https://github.com/lepture/mistune/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.4.1/manifests"},{"name":"v0.4","sha":"2e6f740647cb109d22c79790dae21d1a8f45b058","kind":"commit","published_at":"2014-08-14T09:23:26.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.4","html_url":"https://github.com/lepture/mistune/releases/tag/v0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.4/manifests"},{"name":"v0.3.1","sha":"71590634e2ef89e603c7412ba54524c9382dab45","kind":"commit","published_at":"2014-07-31T08:28:45.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.3.1","html_url":"https://github.com/lepture/mistune/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.3.1/manifests"},{"name":"v0.3.0","sha":"50c8386388b1f716539087d19b261e708823105a","kind":"commit","published_at":"2014-06-27T01:50:24.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.3.0","html_url":"https://github.com/lepture/mistune/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"46bb1a0b60fb93f7a3a20b70fbbc1181cd38d12e","kind":"commit","published_at":"2014-03-12T06:10:47.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.2.0","html_url":"https://github.com/lepture/mistune/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"eb4edac078a43db665c04019749469cf7c77d1c3","kind":"commit","published_at":"2014-02-26T03:15:34.000Z","download_url":"https://codeload.github.com/lepture/mistune/tar.gz/v0.1.0","html_url":"https://github.com/lepture/mistune/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lepture%2Fmistune/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-06-03T03:33:08.045Z","dependent_packages_count":331,"downloads":40305205,"downloads_period":"last-month","dependent_repos_count":64256,"rankings":{"downloads":0.053007389853761966,"dependent_repos_count":0.021643155718837067,"dependent_packages_count":0.07116563066871848,"stargazers_count":2.026753141467369,"forks_count":4.362196376788999,"docker_downloads_count":0.2725570287982363,"average":1.134553787215987},"purl":"pkg:pypi/mistune","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4Z2otd3d4bS1jajNo","url":"https://github.com/advisories/GHSA-98gj-wwxm-cj3h","title":"mistune Cross-site scripting (XSS) vulnerability","description":"Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the \"key\" argument.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-01-04T17:47:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.1,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-16876","https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98","https://bugzilla.redhat.com/show_bug.cgi?id=1524596","https://github.com/lepture/mistune/blob/master/CHANGES.rst","https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2017-18.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUR3GMHQBMA3UC4PFMCK6GCLOQC4LQQC","https://github.com/advisories/GHSA-98gj-wwxm-cj3h"],"source_kind":"github","identifiers":["GHSA-98gj-wwxm-cj3h","CVE-2017-16876"],"repository_url":"https://github.com/lepture/mistune","blast_radius":24.520359802643725,"packages":[{"versions":[{"first_patched_version":"0.8.1","vulnerable_version_range":"\u003c 0.8.1"}],"ecosystem":"pypi","package_name":"mistune"}],"created_at":"2022-12-21T16:13:32.113Z","updated_at":"2024-09-24T21:24:31.000Z","epss_percentage":0.0058,"epss_percentile":0.67576},{"uuid":"GSA_kwCzR0hTQS1ocHY1LXY4ZzUtYzg2NM4AAYPc","url":"https://github.com/advisories/GHSA-hpv5-v8g5-c864","title":"Cross-site Scripting in Mistune","description":"mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\\nscript:) or a crafted email address, related to the escape and autolink functions.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T00:26:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2017-15612","https://github.com/lepture/mistune/pull/140","https://github.com/advisories/GHSA-hpv5-v8g5-c864","https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2017-80.yaml","https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe"],"source_kind":"github","identifiers":["GHSA-hpv5-v8g5-c864","CVE-2017-15612"],"repository_url":"https://github.com/lepture/mistune","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.8","vulnerable_version_range":"\u003e= 0, \u003c 0.8"}],"ecosystem":"pypi","package_name":"mistune"}],"created_at":"2022-12-21T16:11:59.786Z","updated_at":"2023-09-02T05:06:12.000Z","epss_percentage":0.00223,"epss_percentile":0.45001},{"uuid":"GSA_kwCzR0hTQS1mdzN2LXg0ZjItdjY3M84AAtnx","url":"https://github.com/advisories/GHSA-fw3v-x4f2-v673","title":"Mistune vulnerable to catastrophic backtracking","description":"In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-07-26T00:00:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.8,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-34749","https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2","https://github.com/lepture/mistune/releases","https://github.com/pypa/advisory-database/tree/main/vulns/mistune/PYSEC-2022-237.yaml","https://github.com/lepture/mistune/issues/314#issuecomment-1223972386","https://github.com/lepture/mistune/commit/ca1e7b506850f4e488823fc7338b49a8f9852718","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQHXITQ2DSBYOILKHXBSBB7PFBPZHF63","https://github.com/advisories/GHSA-fw3v-x4f2-v673"],"source_kind":"github","identifiers":["GHSA-fw3v-x4f2-v673","CVE-2022-34749"],"repository_url":"https://github.com/lepture/mistune","blast_radius":42.30964044377741,"packages":[{"versions":[{"first_patched_version":"2.0.3","vulnerable_version_range":"\u003e= 2.0.0a1, \u003c 2.0.3"}],"ecosystem":"pypi","package_name":"mistune"}],"created_at":"2022-12-21T16:12:00.784Z","updated_at":"2025-05-22T01:10:32.842Z","epss_percentage":0.00071,"epss_percentile":0.225}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/mistune","docker_dependents_count":4778,"docker_downloads_count":862845207,"usage_url":"https://repos.ecosyste.ms/usage/pypi/mistune","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/mistune/dependencies","status":null,"funding_links":["https://github.com/sponsors/lepture","https://patreon.com/lepture","https://tidelift.com/funding/github/pypi/mistune","https://lepture.com/donate"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/mistune/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/mistune/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/mistune/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/mistune/related_packages","maintainers":[{"uuid":"lepture","login":"lepture","name":null,"email":null,"url":null,"packages_count":36,"html_url":"https://pypi.org/user/lepture/","role":null,"created_at":"2022-12-05T17:51:40.390Z","updated_at":"2022-12-05T17:51:40.390Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/lepture/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690419,"maintainers_count":292811,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":160,"unique_repositories_count_past_30_days":7,"recent_issues":[{"uuid":"4636387573","node_id":"PR_kwDORtR3rs7lHOUF","number":5,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-11T01:29:05.000Z","updated_at":"2026-06-11T01:30:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":19,"packages":[{"name":"flask","old_version":"3.1.2","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"cryptography","old_version":"46.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"filelock","old_version":"3.20.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.26.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"mistune","old_version":"3.1.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.16.6","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pypdf","old_version":"6.4.2","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"python-multipart","old_version":"0.0.21","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.50.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.9.1","new_version":"2.10.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.5.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"urllib3","old_version":"2.6.2","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"20.35.4","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"},{"name":"werkzeug","old_version":"3.1.4","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 19 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.2` | `3.1.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.7` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.20.1` | `3.20.3` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.26.1` | `3.26.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.1.4` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.16.6` | `7.17.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.4.2` | `6.10.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.21` | `0.0.27` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.9.1` | `2.10.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.2` | `2.7.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.35.4` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.4` | `3.1.6` |\n\n\nUpdates `flask` from 3.1.2 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.2...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.20.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.3 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): restore release environment on tag job :pr:\u003ccode\u003e559\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003evalidate pid range in _parse_lock_holder :pr:\u003ccode\u003e556\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 ci(release): publish to PyPI on tag push :pr:\u003ccode\u003e557\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:\u003ccode\u003e558\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.2 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:\u003ccode\u003e555\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e554\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echeck hostname in is_lock_held_by_us :pr:\u003ccode\u003e553\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:\u003ccode\u003e551\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eopen marker reads non-blocking to refuse attacker-placed fifo :pr:\u003ccode\u003e549\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.1 (2026-06-03)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:\u003ccode\u003e548\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e547\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e546\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e545\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e544\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e542\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration :pr:\u003ccode\u003e543\u003c/code\u003e - by :user:\u003ccode\u003eGares95\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e541\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e :pr:\u003ccode\u003e540\u003c/code\u003e - by :user:\u003ccode\u003eMrAnno\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e539\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e538\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e537\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:\u003ccode\u003e536\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e535\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.0 (2026-04-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows :pr:\u003ccode\u003e534\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency :pr:\u003ccode\u003e533\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:\u003ccode\u003e530\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.20.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.26.1 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.26.1...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nbconvert` from 7.16.6 to 7.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.1\u003c/h2\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/78ed30837a607deab7cf0a12dca072bf3f63417a\"\u003e\u003ccode\u003e78ed308\u003c/code\u003e\u003c/a\u003e Publish 7.17.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/f090a64606fde4c7f87cbf478f51b4aa46a425ec\"\u003e\u003ccode\u003ef090a64\u003c/code\u003e\u003c/a\u003e ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003e\u003ccode\u003eb3b6ec0\u003c/code\u003e\u003c/a\u003e chore: update pre-commit hooks (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2277\"\u003e#2277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/be4841f7da51c499b1937e41e6e71926dbe0daa3\"\u003e\u003ccode\u003ebe4841f\u003c/code\u003e\u003c/a\u003e ignore silly security lint in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/26d57b295870f5572d9bd0535acee4a120339c10\"\u003e\u003ccode\u003e26d57b2\u003c/code\u003e\u003c/a\u003e fix type annotation on Lexer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/0e6b8ccabf2aca6c18fac8c574f22b7155f441fb\"\u003e\u003ccode\u003e0e6b8cc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/ba5e5cdd737704388251fa55fa9e58f5752fa39d\"\u003e\u003ccode\u003eba5e5cd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/1db0c88d865146ce02b6405a8d96753d3d0cd0c2\"\u003e\u003ccode\u003e1db0c88\u003c/code\u003e\u003c/a\u003e Specify python version for pre (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2276\"\u003e#2276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7473fc3037a6317bff54380e3a7162d73bf089b3\"\u003e\u003ccode\u003e7473fc3\u003c/code\u003e\u003c/a\u003e chore: update pre-commit hooks (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2242\"\u003e#2242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/4322f7f290694929f414cefadc942111afad3762\"\u003e\u003ccode\u003e4322f7f\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2273\"\u003e#2273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.2 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.2...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.4.2 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6...\n\n_Description has been truncated_","html_url":"https://github.com/tabrezahmed51/MiroFish_0118/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tabrezahmed51%2FMiroFish_0118/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4617726976","node_id":"PR_kwDOP4uxx87kJ4a4","number":190,"state":"open","title":"chore(deps): bump the all-dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T00:38:36.000Z","updated_at":"2026-06-09T00:39:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all-dependencies","update_count":45,"packages":[{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"debugpy","old_version":"1.8.20","new_version":"1.8.21","repository_url":"https://github.com/microsoft/debugpy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"docstring-parser","old_version":"0.17.0","new_version":"0.18.0","repository_url":"https://github.com/rr-/docstring_parser"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.1","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"jiter","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"jupyter-events","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jupyter/jupyter_events"},{"name":"jupyter-client","old_version":"8.8.0","new_version":"8.9.0","repository_url":"https://github.com/jupyter/jupyter_client"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.19.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.8","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbclient","old_version":"0.10.4","new_version":"0.11.0","repository_url":"https://github.com/jupyter/nbclient"},{"name":"notebook","old_version":"7.5.5","new_version":"7.5.7","repository_url":"https://github.com/jupyter/notebook"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"postgrest","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"praw","old_version":"7.8.1","new_version":"7.8.2","repository_url":"https://github.com/praw-dev/praw"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pydantic","old_version":"2.13.0","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.46.0","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"realtime","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"storage3","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.1","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.8.1","repository_url":"https://github.com/jquast/wcwidth"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 45 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [debugpy](https://github.com/microsoft/debugpy) | `1.8.20` | `1.8.21` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [docstring-parser](https://github.com/rr-/docstring_parser) | `0.17.0` | `0.18.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.1` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.14.0` | `0.15.0` |\n| [jupyter-events](https://github.com/jupyter/jupyter_events) | `0.12.0` | `0.12.1` |\n| [jupyter-client](https://github.com/jupyter/jupyter_client) | `8.8.0` | `8.9.0` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.19.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.8` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbclient](https://github.com/jupyter/nbclient) | `0.10.4` | `0.11.0` |\n| [notebook](https://github.com/jupyter/notebook) | `7.5.5` | `7.5.7` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [praw](https://github.com/praw-dev/praw) | `7.8.1` | `7.8.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.0` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.0` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.8.1` |\n\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.md\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. {issue}\u003ccode\u003e3458\u003c/code\u003e {pr}\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. {issue}\u003ccode\u003e3277\u003c/code\u003e {pr}\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eEnum\u003c/code\u003e values used as \u003ccode\u003eChoice\u003c/code\u003e options produces a\nvalid completion result. {issue}\u003ccode\u003e3015\u003c/code\u003e {pr}\u003ccode\u003e3471\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. {issue}\u003ccode\u003e3487\u003c/code\u003e {pr}\u003ccode\u003e3493\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. {issue}\u003ccode\u003e3449\u003c/code\u003e {pr}\u003ccode\u003e3482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eopen_url\u003c/code\u003e on Windows when the file path contains spaces.\n{issue}\u003ccode\u003e2994\u003c/code\u003e {pr}\u003ccode\u003e3478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for {class}\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n{class}\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n{class}\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e{class}\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add {func}\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n{pr}\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e{attr}\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of {meth}\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor {class}\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n{issue}\u003ccode\u003e2745\u003c/code\u003e {pr}\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `debugpy` from 1.8.20 to 1.8.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/debugpy/releases\"\u003edebugpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edebugpy v1.8.21\u003c/h2\u003e\n\u003cp\u003eFixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReturn evaluate result in DAP response body instead of writing to stdout: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent invalid \u003ccode\u003escopes\u003c/code\u003e request from crashing debug session: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2026\"\u003e#2026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip uninitialized \u003ccode\u003e__slots__\u003c/code\u003e in variable resolver: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2024\"\u003e#2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle \u003ccode\u003e-c\u003c/code\u003e arguments that are \u003ccode\u003ebytes\u003c/code\u003e instead of \u003ccode\u003estr\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluation of variables from chained exception frames: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2018\"\u003e#2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContinueRequest\u003c/code\u003e with a specific \u003ccode\u003ethreadId\u003c/code\u003e no longer resumes all threads (in-process adapter): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2012\"\u003e#2012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid strong reference to exceptions during unwind: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2008\"\u003e#2008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow error message on evaluate failures in the hover context: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2006\"\u003e#2006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay \u003ccode\u003edlerror\u003c/code\u003e output when \u003ccode\u003edlopen\u003c/code\u003e fails: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2000\"\u003e#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace removed \u003ccode\u003epkgutil.get_loader\u003c/code\u003e with \u003ccode\u003eimportlib.util.find_spec\u003c/code\u003e in \u003ccode\u003eget_fullname\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/1998\"\u003e#1998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option to ignore all system exit codes: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2017\"\u003e#2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePull changes from pydevd up to March 2026: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2010\"\u003e#2010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure work:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816219\"\u003e#2816219\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2028\"\u003e#2028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2029\"\u003e#2029\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2030\"\u003e#2030\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2031\"\u003e#2031\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/maxbachmann\"\u003e\u003ccode\u003e@​maxbachmann\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mfussenegger\"\u003e\u003ccode\u003e@​mfussenegger\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/sambrightman\"\u003e\u003ccode\u003e@​sambrightman\u003c/code\u003e\u003c/a\u003e for the commits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/858b05c08555cfc54efa7cf90e70184c7495b38e\"\u003e\u003ccode\u003e858b05c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e: suppress Flawfinder false positive on Cython JoinPyUnicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/f0c34f133ad3eb7992ca50e45e5459f9d58f4be8\"\u003e\u003ccode\u003ef0c34f1\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e: suppress Flawfinder false positive on Cython DIGIT_PAIRS_8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/4c70e13d0e3fc8eee5013cd2a41c7a6d752d55d3\"\u003e\u003ccode\u003e4c70e13\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/19c2b8c029975a6ba2e4e521d8fbdf5f1b3ed8fd\"\u003e\u003ccode\u003e19c2b8c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/ab9263839637357f3372ffb550395ffbf8ce9f77\"\u003e\u003ccode\u003eab92638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2031\"\u003e#2031\u003c/a\u003e from StellaHuang95/stellahuang/tsa-2816219-flawfinde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/12bd4fef7ea5c35248d9f175f5b0218b970fa64c\"\u003e\u003ccode\u003e12bd4fe\u003c/code\u003e\u003c/a\u003e Return evaluate result in DAP response body instead of writing to stdout (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/8bd57a7d446d6ec4d7dd4e580d00cdea193ddcd9\"\u003e\u003ccode\u003e8bd57a7\u003c/code\u003e\u003c/a\u003e Prevent invalid scopes request from crashing debug session (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/bf118c8d0ec97e584d2f3cfd781f04a745a1334c\"\u003e\u003ccode\u003ebf118c8\u003c/code\u003e\u003c/a\u003e Skip uninitialized \u003cstrong\u003eslots\u003c/strong\u003e in variable resolver (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/a55be0e6f0700646e0833097ab78b2e4ba68745b\"\u003e\u003ccode\u003ea55be0e\u003c/code\u003e\u003c/a\u003e Potential fix when \u003ccode\u003e-c\u003c/code\u003e arguments are bytes instead of a str (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/0f037adec6fb2f61ad225849e953188ec349adbc\"\u003e\u003ccode\u003e0f037ad\u003c/code\u003e\u003c/a\u003e Fix evaluation of variables from chained exception frames (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/debugpy/compare/v1.8.20...v1.8.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docstring-parser` from 0.17.0 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rr-/docstring_parser/blob/master/CHANGELOG.md\"\u003edocstring-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.18 (2026-04-14)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Allow \u003ccode\u003eparse()\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/jamesbraza\"\u003e\u003ccode\u003e@​jamesbraza\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.14 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Exclude \u003ccode\u003edocstring_parser.tests\u003c/code\u003e from built wheels (thanks to \u003ca href=\"https://github.com/gvalkov\"\u003e\u003ccode\u003e@​gvalkov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEpydoc: Add missing attribute parsing, which includes the \u0026quot;\u003ca href=\"https://github.com/ivar\"\u003e\u003ccode\u003e@​ivar\u003c/code\u003e\u003c/a\u003e\u0026quot;, \u0026quot;\u003ca href=\"https://github.com/cvar\"\u003e\u003ccode\u003e@​cvar\u003c/code\u003e\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"https://github.com/var\"\u003e\u003ccode\u003e@​var\u003c/code\u003e\u003c/a\u003e\u0026quot; syntax (thanks to \u003ca href=\"https://github.com/Masara\"\u003e\u003ccode\u003e@​Masara\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNumpydoc: Add support for defaults in type declarations and improve compose behavior (thanks to \u003ca href=\"https://github.com/jwlodek\"\u003e\u003ccode\u003e@​jwlodek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17 (2025-07-21)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Replace poetry with hatchling (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Drop support for Python 3.6 and 3.7 (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.13 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Publish packages to PyPI with digital attestations (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGoogle: Fix multi-line parameter definitions (thanks to \u003ca href=\"https://github.com/coolbeevip\"\u003e\u003ccode\u003e@​coolbeevip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAttrdoc: Remove use of deprecated ast classes (thanks to \u003ca href=\"https://github.com/fedepell\"\u003e\u003ccode\u003e@​fedepell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.16 (2024-03-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new property, \u003ccode\u003edescription\u003c/code\u003e, that combines short and long\ndescriptions into a single string (thanks to \u003ca href=\"https://github.com/pR0Ps\"\u003e\u003ccode\u003e@​pR0Ps\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: support Python 3.12 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.15 (2022-09-05)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new function, \u003ccode\u003eparse_from_object\u003c/code\u003e, that supports scattered\ndocstrings (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14.1 (2022-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: fix autodetection (regression from 0.14)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14 (2022-04-25)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eNumpydoc: Improved support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.13 (2021-11-17)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle: Added support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.12 (2021-10-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Added support for lone \u003ccode\u003e:rtype:\u003c/code\u003e meta information (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.11 (2021-09-30)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Started tracking changes\u003c/li\u003e\n\u003cli\u003eGeneral: Added ability to combine function docstrings (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReST: Added support for \u003ccode\u003e:type:\u003c/code\u003e and \u003ccode\u003e:rtype:\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/87dca55a7b5bdc854ad1d190f1c461015ba5f008\"\u003e\u003ccode\u003e87dca55\u003c/code\u003e\u003c/a\u003e Bump version: 0.17.0 → 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/059d189eef68dccd226531a8536652c04e467744\"\u003e\u003ccode\u003e059d189\u003c/code\u003e\u003c/a\u003e Support Python 3.14 (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/9f8501fd9cfc68794b33be79acc03a303c8bb527\"\u003e\u003ccode\u003e9f8501f\u003c/code\u003e\u003c/a\u003e Remove docstring_parser.tests from bdist (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/107\"\u003e#107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/352ac5acfa7e8b91319dd26687996f856c282a97\"\u003e\u003ccode\u003e352ac5a\u003c/code\u003e\u003c/a\u003e Add support for setting default value in type declaration for numpydoc, vario...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/434078c85ef98e1bd38de0bff377e081073227da\"\u003e\u003ccode\u003e434078c\u003c/code\u003e\u003c/a\u003e build: fix builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/fd6fe7b35363c1744a732381596d50eda161f9e2\"\u003e\u003ccode\u003efd6fe7b\u003c/code\u003e\u003c/a\u003e epydoc: add missing attribute parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/37fac3d32ebd73e16c468aefd54022c6a6d8d563\"\u003e\u003ccode\u003e37fac3d\u003c/code\u003e\u003c/a\u003e docs: fix missing changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/b4a3c48883f6dd3d69c1dc57545f1b72238c6c2a\"\u003e\u003ccode\u003eb4a3c48\u003c/code\u003e\u003c/a\u003e Allowing \u003ccode\u003eparse\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rr-/docstring_parser/compare/0.17.0...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/352c35b9e841fe20c2a0dc09af67e180e6854322\"\u003e\u003ccode\u003e352c35b\u003c/code\u003e\u003c/a\u003e release 9.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/df72b1f8d94e874947f6425dbbcca614942aa3f5\"\u003e\u003ccode\u003edf72b1f\u003c/code\u003e\u003c/a\u003e Add forward compatibility for pdb.Pdb's mode argument (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15235\"\u003e#15235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/a957d81c3177d33fc9d0b5fe123e58dd8cbf87e7\"\u003e\u003ccode\u003ea957d81\u003c/code\u003e\u003c/a\u003e Handle pdb.Pdb \u003ccode\u003emode\u003c/code\u003e argument and test signature compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/3e1c0544e141d55cd232259d4828a633e952f5fc\"\u003e\u003ccode\u003e3e1c054\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15238\"\u003e#15238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/0181ae38b68b929f464c349ad139e1080ee60a93\"\u003e\u003ccode\u003e0181ae3\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/fb831cc06fe27a12f5d52f6608fa90857428748c\"\u003e\u003ccode\u003efb831cc\u003c/code\u003e\u003c/a\u003e back to dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0bb22aa6b3a4d729e6c7bae74c05a5d0f1f654b0\"\u003e\u003ccode\u003e0bb22aa\u003c/code\u003e\u003c/a\u003e release: 0.15.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0f3e5eb48a5fff16d825f9af2ea7c6748bbdfbb8\"\u003e\u003ccode\u003e0f3e5eb\u003c/code\u003e\u003c/a\u003e expose \u003ccode\u003eknown_number_bytes\u003c/code\u003e and parser methods for bytes -\u0026gt; number (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.14.0...v0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-events` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/releases\"\u003ejupyter-events's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.1\u003c/h2\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3AZsailer+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/blob/main/CHANGELOG.md\"\u003ejupyter-events's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/BryanOwens012/which-glp/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BryanOwens012%2Fwhich-glp/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"},{"uuid":"4520870249","node_id":"PR_kwDOPiJZBs7fPRt2","number":15,"state":"open","title":"Bump the pip group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:35:02.000Z","updated_at":"2026-05-26T04:57:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":19,"packages":[{"name":"urllib3","old_version":"1.25.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2023.11.17","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.6","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.3.2","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"setuptools","old_version":"69.0.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jupyter-server","old_version":"2.12.5","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.0.11","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.14.2","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"notebook","old_version":"7.0.7","new_version":"7.5.6","repository_url":"https://github.com/jupyter/notebook"},{"name":"tornado","old_version":"6.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"cryptography","old_version":"41.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"tqdm","old_version":"4.66.1","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"},{"name":"pyopenssl","old_version":"23.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /test/requirements/compiled directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.25.3` | `2.7.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.5.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `69.0.3` | `78.1.1` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.12.5` | `2.18.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.0.11` | `4.5.7` |\n| [mistune](https://github.com/lepture/mistune) | `3.0.2` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.14.2` | `7.17.1` |\n| [notebook](https://github.com/jupyter/notebook) | `7.0.7` | `7.5.6` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.5.5` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.7` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.3.0` | `26.0.0` |\n\n\nUpdates `urllib3` from 1.25.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2023.11.17 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.11.17...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.3.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.3.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 69.0.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v69.0.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-ser...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 19 Python dependencies across test requirement files, bringing packages to their latest versions with security fixes, bug fixes, and new features.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Critical security fixes in urllib3 (CVE-2026-21441), requests (CVE-2026-25645), cryptography, and jinja2 (multiple CVEs)\n- **Major Version Bumps**: Black updated from 23.12.1 to 26.3.1, pytest from 7.4.4 to 9.0.3, scikit-learn from 1.3.2 to 1.5.0\n- **Jupyter Ecosystem**: Comprehensive updates to jupyter-server (2.12.5→2.18.0), jupyterlab (4.0.11→4.5.7), notebook (7.0.7→7.5.6)\n- **Infrastructure Libraries**: urllib3 major update (1.25.3→2.7.0), setuptools (69.0.3→78.1.1), cryptography (41.0.7→46.0.7)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 19 Outdated Packages]\n    B --\u003e C[Security Vulnerabilities Found]\n    B --\u003e D[Feature Updates Available]\n    C --\u003e E[urllib3: Decompression bomb fixes]\n    C --\u003e F[requests: Malicious file replacement fix]\n    C --\u003e G[jinja2: Sandbox bypass fixes]\n    C --\u003e H[cryptography: Security patches]\n    D --\u003e I[Black: Jupyter notebook improvements]\n    D --\u003e J[pytest: Python 3.14 support]\n    D --\u003e K[scikit-learn: New ML features]\n    E --\u003e L[Updated Requirements Files]\n    F --\u003e L\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including decompression bomb vulnerabilities, malicious file replacement, and sandbox bypass issues\n- **Compatibility Improvements**: Adds Python 3.14 support in pytest, removes deprecated features, and improves Windows compatibility\n- **Development Experience**: Enhanced Jupyter notebook support, better error messages, improved type annotations, and performance optimizations\n- **Testing Infrastructure**: Updated pytest with better async support, improved error handling, and enhanced debugging capabilities\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4505985755","node_id":"PR_kwDOB5H3vc7eg51v","number":847,"state":"open","title":"chore(deps-dev): bump mistune from 0.8.4 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T22:51:13.000Z","updated_at":"2026-05-22T23:38:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"mistune","old_version":"0.8.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 0.8.4 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v0.8.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/jazzband/django-eav2/pull/847","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jazzband%2Fdjango-eav2/issues/847","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/847/packages"},{"uuid":"4482866515","node_id":"PR_kwDONasQ6M7dV77z","number":5,"state":"open","title":"Bump the pip group across 28 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T03:29:07.000Z","updated_at":"2026-05-20T03:30:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":4,"packages":[{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"mistune","old_version":"2.0.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"mistune","old_version":"2.0.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /wandb/run-20241208_233803-k50mdb94/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234207-719gd67m/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234348-3k843q5m/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234927-0lormxok/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_235259-zo0177ba/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_001012-4p02l17t/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003341-6ob8tc23/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003544-nngnnaj1/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003742-spjrnvfl/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004548-pxlrlgu6/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004625-3rtc2d1g/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004945-hybasejc/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005014-dkqdw2xf/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005851-p2jjssp9/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005923-ujmv6hg0/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_010713-uolr87wa/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_020634-3mme08dr/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_030055-vtglop6r/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_031342-h3ohlpzy/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_031452-h7pr4syu/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_033810-69h4jquw/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_034448-z838uymc/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_035835-oiah2ikz/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_041232-80wxu08d/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_041709-vvefq1b8/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_043649-4snvizf0/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_043855-yf41zoni/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_044357-2cudcxy1/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 2.0.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v2.0.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e) \u003ca href=\"https://github.com/nhancdt2602\"\u003e\u003ccode\u003e@​nhancdt2602\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix memory leak when \u003ccode\u003eujson.dump()\u003c/code\u003e is unable to write to its file (0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/731\"\u003e#731\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/667\"\u003e#667\u003c/a\u003e) \u003ca href=\"https://github.com/grandnew\"\u003e\u003ccode\u003e@​grandnew\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools \u0026lt; 72.2 to fix build on PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/638\"\u003e#638\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md example to match actual output (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/654\"\u003e#654\u003c/a\u003e) \u003ca href=\"https://github.com/AvdN\"\u003e\u003ccode\u003e@​AvdN\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/7d9036f4896256ac772fdb45d27d45463efe59cb\"\u003e\u003ccode\u003e7d9036f\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853\"\u003e\u003ccode\u003e0bf630a\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/46f75969b18e1d37da3ad0fbb1954d146e072c5d\"\u003e\u003ccode\u003e46f7596\u003c/code\u003e\u003c/a\u003e Enable read access for CI/CD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9\"\u003e\u003ccode\u003e82af1d0\u003c/code\u003e\u003c/a\u003e Fix failure cleanup paths in ujson.dump()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ceae6cd09dd1c29e747fa4041febcd4fdfd33c0a\"\u003e\u003ccode\u003eceae6cd\u003c/code\u003e\u003c/a\u003e Gitignore .fuse_hidden and .DS_Store files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/dd87ed388816eb5a02bc6f752c27cda5df5c1aa1\"\u003e\u003ccode\u003edd87ed3\u003c/code\u003e\u003c/a\u003e Improve unit test coverage (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ddbe2da83bd7fe9940eec1766bd75e21e76bc7d7\"\u003e\u003ccode\u003eddbe2da\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/3be5ae59f5548ec9a1fef56bfa2a005cfa5c6c09\"\u003e\u003ccode\u003e3be5ae5\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/9f90a8c797a20c19a80b78d340ac4251626c7494\"\u003e\u003ccode\u003e9f90a8c\u003c/code\u003e\u003c/a\u003e Fix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/f1574e57b8a31efaa9b1bfa530c672bc1fe3536d\"\u003e\u003ccode\u003ef1574e5\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ultrajson/ultrajson/compare/5.10.0...5.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.2.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 2.0.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v2.0.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e) \u003ca href=\"https://github.com/nhancdt2602\"\u003e\u003ccode\u003e@​nhancdt2602\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix memory leak when \u003ccode\u003eujson.dump()\u003c/code\u003e is unable to write to its file (0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/731\"\u003e#731\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/667\"\u003e#667\u003c/a\u003e) \u003ca href=\"https://github.com/grandnew\"\u003e\u003ccode\u003e@​grandnew\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools \u0026lt; 72.2 to fix build on PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/638\"\u003e#638\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md example to match actual output (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/654\"\u003e#654\u003c/a\u003e) \u003ca href=\"https://github.com/AvdN\"\u003e\u003ccode\u003e@​AvdN\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/7d9036f4896256ac772fdb45d27d45463efe59cb\"\u003e\u003ccode\u003e7d9036f\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853\"\u003e\u003ccode\u003e0bf630a\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/46f75969b18e1d37da3ad0fbb1954d146e072c5d\"\u003e\u003ccode\u003e46f7596\u003c/code\u003e\u003c/a\u003e Enable read access for CI/CD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9\"\u003e\u003ccode\u003e82af1d0\u003c/code\u003e\u003c/a\u003e Fix failure cleanup paths in ujson.dump()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ceae6cd09dd1c29e747fa4041febcd4fdfd33c0a\"\u003e\u003ccode\u003eceae6cd\u003c/code\u003e\u003c/a\u003e Gitignore .fuse_hidden and .DS_Store files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/dd87ed388816eb5a02bc6f752c27cda5df5c1aa1\"\u003e\u003ccode\u003edd87ed3\u003c/code\u003e\u003c/a\u003e Improve unit test coverage (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ddbe2da83bd7fe9940eec1766bd75e21e76bc7d7\"\u003e\u003ccode\u003eddbe2da\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/3be5ae59f5548ec9a1fef56bfa2a005cfa5c6c09\"\u003e\u003ccode\u003e3be5ae5\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/9f90a8c797a20c19a80b78d340ac4251626c7494\"\u003e\u003ccode\u003e9f90a8c\u003c/code\u003e\u003c/a\u003e Fix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/f1574e57b8a31efaa9b1bfa530c672bc1fe3536d\"\u003e\u003ccode\u003ef1574e5\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ultrajson/ultrajson/compare/5.10.0...5.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.2.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nBump dependency pins across 28 W\u0026B run directories to pick up security and compatibility updates. Only requirements.txt files were changed, upgrading `idna`, `mistune`, `ujson`, and `urllib3`.\n\n- **Dependencies**\n  - `idna`: 3.7 → 3.15\n  - `mistune`: 2.0.4 → 3.2.1\n  - `ujson`: 5.10.0 → 5.12.1\n  - `urllib3`: 2.2.3 → 2.7.0\n\n- **Migration**\n  - Ensure Python ≥ 3.10 (new `urllib3`/`ujson` drop 3.9).\n  - If you use `mistune` directly, verify compatibility with 3.x API.\n\n\u003csup\u003eWritten for commit a6b59fcf5fffdf9397dc3a73d66af4492a151433. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/affaan-m/Behavioral_RL/pull/5?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/affaan-m/Behavioral_RL/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/affaan-m%2FBehavioral_RL/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4471734015","node_id":"PR_kwDOHGh0ac7cyDPP","number":948,"state":"closed","title":"build(deps): bump the pipenv group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T11:00:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:53:07.000Z","updated_at":"2026-05-29T11:00:48.000Z","time_to_close":922058,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pipenv","update_count":11,"packages":[{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"tox","old_version":"4.52.0","new_version":"4.54.0","repository_url":"https://github.com/tox-dev/tox"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"cryptography","old_version":"46.0.6","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"myst-parser","old_version":"5.0.0","new_version":"5.1.0","repository_url":"https://github.com/executablebooks/MyST-Parser"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pipenv group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.47.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.29` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [tox](https://github.com/tox-dev/tox) | `4.52.0` | `4.54.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `48.0.0` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [myst-parser](https://github.com/executablebooks/MyST-Parser) | `5.0.0` | `5.1.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n\n\nUpdates `fastapi` from 0.135.3 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.44.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.27 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tox` from 4.52.0 to 4.54.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/releases\"\u003etox's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.54.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🧪 test(conftest): strip broken nspkg.pth files under py3.15 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3937\"\u003etox-dev/tox#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(packaging): declare tox.pytest deps via a testing extra by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3940\"\u003etox-dev/tox#3940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(schema): cover every replace form in the TOML schema by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3941\"\u003etox-dev/tox#3941\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.1...4.54.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.1...4.54.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(security): harden user-facing logs and untrusted inputs by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3924\"\u003etox-dev/tox#3924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(type): correct argparse override signatures for ty 0.0.33 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3932\"\u003etox-dev/tox#3932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow deps arrays in TOML schema by \u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.0...4.53.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.0...4.53.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(toml): allow bare range/labeled dicts in env_list by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3923\"\u003etox-dev/tox#3923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.1...4.53.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.1...4.53.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse normalize_isa for architecture factor matching by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3919\"\u003etox-dev/tox#3919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(pip): invalidate install cache on resolution env var changes by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3921\"\u003etox-dev/tox#3921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.52.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.0...4.52.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/blob/main/docs/changelog.rst\"\u003etox's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eFeatures - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeclare the runtime dependencies of the \u003ccode\u003etox.pytest\u003c/code\u003e plugin (\u003ccode\u003epytest\u003c/code\u003e, \u003ccode\u003edevpi-process\u003c/code\u003e and \u003ccode\u003epytest-mock\u003c/code\u003e)\nunder a new \u003ccode\u003etesting\u003c/code\u003e extra, so plugin authors can pull them in via \u003ccode\u003etox[testing]\u003c/code\u003e - by :user:\u003ccode\u003egaborbernat\u003c/code\u003e.\n(:issue:\u003ccode\u003e3938\u003c/code\u003e, :issue:\u003ccode\u003e3940\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eExtend the generated TOML schema to cover every \u003ccode\u003ereplace\u003c/code\u003e table form (\u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eref\u003c/code\u003e, \u003ccode\u003eposargs\u003c/code\u003e, \u003ccode\u003eglob\u003c/code\u003e,\n\u003ccode\u003eif\u003c/code\u003e), including conditional replacements used inside \u003ccode\u003ecommands\u003c/code\u003e. A guard test asserts the schema stays in sync\nwith the loader implementation so future replace types cannot be added without a corresponding schema entry.\n(:issue:\u003ccode\u003e3939\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.1 (2026-05-02)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eBug fixes - 4.53.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHardening pass on user-facing logging and config parsing:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMask secret-looking \u003ccode\u003e--key=value\u003c/code\u003e flag values in command logs (terminal warnings, \u003ccode\u003e.tox/\u0026lt;env\u0026gt;/log/*.log\u003c/code\u003e, and\n\u003ccode\u003eOutcome\u003c/code\u003e \u003ccode\u003e__repr__\u003c/code\u003e) using the same keyword regex previously applied to environment variable values.\u003c/li\u003e\n\u003cli\u003eResolve PEP 723 \u003ccode\u003escript\u003c/code\u003e paths and reject any that escape \u003ccode\u003etox_root\u003c/code\u003e; cap the script read at 5 MiB so a symlink\nto \u003ccode\u003e/dev/zero\u003c/code\u003e cannot exhaust memory.\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003eeval()\u003c/code\u003e of a constructed \u003ccode\u003eLiteral[...]\u003c/code\u003e string in the CLI parser with a direct\n\u003ccode\u003eLiteral[tuple(action.choices)]\u003c/code\u003e subscript.\u003c/li\u003e\n\u003cli\u003ePass \u003ccode\u003etimeout=30\u003c/code\u003e to \u003ccode\u003eurlopen\u003c/code\u003e when fetching a remote requirements file so a slow or unresponsive mirror cannot\nhang \u003ccode\u003etox\u003c/code\u003e indefinitely. (:issue:\u003ccode\u003e3924\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow the generated TOML schema to validate array values for \u003ccode\u003edeps\u003c/code\u003e. (:issue:\u003ccode\u003e3929\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCorrect type annotations for \u003ccode\u003eArgumentParser.parse_args\u003c/code\u003e and \u003ccode\u003eparse_known_args\u003c/code\u003e overrides following \u003ccode\u003etypeshed PR [#15613](https://github.com/tox-dev/tox/issues/15613) \u0026lt;https://github.com/python/typeshed/pull/15613\u0026gt;\u003c/code\u003e_, which widened the \u003ccode\u003eargs\u003c/code\u003e parameter from \u003ccode\u003eSequence[str]\u003c/code\u003e\nto \u003ccode\u003eIterable[str]\u003c/code\u003e. The narrower type in tox's overrides violated the Liskov substitution principle and caused\n\u003ccode\u003einvalid-method-override\u003c/code\u003e errors with \u003ccode\u003ety\u003c/code\u003e 0.0.33. Also correct the \u003ccode\u003eoption_spec\u003c/code\u003e annotation in\n\u003ccode\u003edocs/tox_conf.py\u003c/code\u003e to \u003ccode\u003eClassVar[dict[str, Callable[[str], Any]]]\u003c/code\u003e matching the docutils stubs type.\n(:issue:\u003ccode\u003e3932\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.0 (2026-04-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eFeatures - 4.53.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eTOML \u003ccode\u003eenv_list\u003c/code\u003e now accepts bare range dicts (\u003ccode\u003e{ prefix = \u0026quot;3.\u0026quot;, start = 12, stop = 14 }\u003c/code\u003e) and bare labeled dicts\n(\u003ccode\u003e{ ecosystem = [\u0026quot;oci\u0026quot;, \u0026quot;python\u0026quot;] }\u003c/code\u003e) as top-level items, removing the \u003ccode\u003e{ product = [...] }\u003c/code\u003e wrapper when there is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1f1fcc7a53665a827d8a304190696c6926ebb2eb\"\u003e\u003ccode\u003e1f1fcc7\u003c/code\u003e\u003c/a\u003e release 4.54.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/b35c8eedaf94906ed0e7938c7526dced550e6fa0\"\u003e\u003ccode\u003eb35c8ee\u003c/code\u003e\u003c/a\u003e 🐛 fix(schema): cover every replace form in the TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3941\"\u003e#3941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/6eb5c4f5eec439b3924d6adb3d9d16ea7fc88a20\"\u003e\u003ccode\u003e6eb5c4f\u003c/code\u003e\u003c/a\u003e ✨ feat(packaging): declare tox.pytest deps via a testing extra (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3940\"\u003e#3940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1ad47ddaab21c891f136a9627d1c6cdb6ea655d7\"\u003e\u003ccode\u003e1ad47dd\u003c/code\u003e\u003c/a\u003e 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3937\"\u003e#3937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dfba9661b10aa5148daf7267b80fec50f4faa9d2\"\u003e\u003ccode\u003edfba966\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3936\"\u003e#3936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/21069af5f5b93774f88c271d5deb1389cd2caf12\"\u003e\u003ccode\u003e21069af\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3933\"\u003e#3933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/2b177917e4c0208c3e380e43f8d32d507180d82e\"\u003e\u003ccode\u003e2b17791\u003c/code\u003e\u003c/a\u003e release 4.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/86234dd57fc6a6dbf801aa98a91642cb9daf1dc8\"\u003e\u003ccode\u003e86234dd\u003c/code\u003e\u003c/a\u003e fix: allow deps arrays in TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3931\"\u003e#3931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dd305fe8f347c49fcd3bd63d5e56c912e4c428f2\"\u003e\u003ccode\u003edd305fe\u003c/code\u003e\u003c/a\u003e 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/3aa3cd5d4226dfdb54de3de810cd9367390c6424\"\u003e\u003ccode\u003e3aa3cd5\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `myst-parser` from 5.0.0 to 5.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/MyST-Parser/releases\"\u003emyst-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003e✨ New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003e\u0026quot;alert\u0026quot;\u003c/code\u003e syntax extension for \u003ca href=\"https://docs.github.com/en/get-started/writing-on-github/getting...\n\n_Description has been truncated_","html_url":"https://github.com/repository-service-tuf/repository-service-tuf-api/pull/948","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/repository-service-tuf%2Frepository-service-tuf-api/issues/948","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/948/packages"},{"uuid":"4437148476","node_id":"PR_kwDOQGKXZs7bE7g7","number":38,"state":"closed","title":"chore(deps): bump the uv group across 46 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T21:17:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T10:41:15.000Z","updated_at":"2026-05-19T21:17:03.000Z","time_to_close":556545,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":3,"packages":[{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the /llama-index-experimental directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 2 updates in the /llama-index-finetuning directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-agent-search-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-amazon-product-extraction directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-arize-phoenix-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-auto-merging-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-chroma-autoretrieval directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-code-hierarchy directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-cohere-citation-chat directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-deeplake-deepmemory-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-deeplake-multimodal-retrieval directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-dense-x-retrieval directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-diff-private-simple-dataset directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-evaluator-benchmarker directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-fusion-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-fuzzy-citation directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-gmail-openai-agent directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-koda-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llama-dataset-metadata directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llama-guard-moderator directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llava-completion directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-longrag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-mixture-of-agents directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-multi-tenancy-rag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-multidoc-autoretrieval directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-nebulagraph-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-neo4j-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-node-parser-semantic-chunking directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-ollama-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-panel-chatbot directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-raft-dataset directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-rag-evaluator directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-ragatouille-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-raptor directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-recursive-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-resume-screener directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-retry-engine-weaviate directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-searchain directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-self-discover directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-self-rag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-sentence-window-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-snowflake-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-stock-market-data-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-streamlit-chatbot directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-sub-question-weaviate directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-timescale-vector-autoretrieval directory: [mistune](https://github.com/lepture/mistune).\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.4.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.4.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/isaacus-dev/llama_index/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacus-dev%2Fllama_index/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"},{"uuid":"4425558151","node_id":"PR_kwDOFx4mls7afUWm","number":2108,"state":"open","title":"build(deps): bump the uv group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","root","size/XS","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T01:48:30.000Z","updated_at":"2026-05-12T01:53:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"dtale","old_version":"3.21.0","new_version":"3.22.0","repository_url":"https://github.com/man-group/dtale"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.17.0","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dtale](https://github.com/man-group/dtale) | `3.21.0` | `3.22.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.7` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `46.0.7` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.18.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.17.0` | `7.17.1` |\n\n\nUpdates `dtale` from 3.21.0 to 3.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/man-group/dtale/releases\"\u003edtale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eD-Tale 3.22.0\u003c/h2\u003e\n\u003cp\u003eHighlights include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CWE-502: unsafe deserialization in Redis and Shelve storage backends\u003c/li\u003e\n\u003cli\u003eBump vulnerable transitive npm dependencies to patched versions\u003c/li\u003e\n\u003cli\u003eremove dependency on dash-daq outside of python2.7 and unpin dash \u0026amp; dash-bootstrap-components\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.14\u003c/li\u003e\n\u003cli\u003eupdates to \u003ccode\u003esave-column-filter\u003c/code\u003e endpoint to guard against code injection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/man-group/dtale/blob/master/CHANGES.md\"\u003edtale's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e3.22.0 (2026-3-31)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix CWE-502: unsafe deserialization in Redis and Shelve storage backends\u003c/li\u003e\n\u003cli\u003eBump vulnerable transitive npm dependencies to patched versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/man-group/dtale/commits/v3.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyterlab` from 4.5.6 to 4.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyterlab/jupyterlab/releases\"\u003ejupyterlab's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.7\u003c/h2\u003e\n\u003ch2\u003e4.5.7\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyterlab/jupyterlab/compare/v4.5.6...66fe9adfc1d501d1368404037f26925870741933\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-42557 \u003ca href=\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg\"\u003ehttps://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-42266 \u003ca href=\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\"\u003ehttps://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40171 \u003ca href=\"https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9\"\u003ehttps://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVideo and Audio Content Providers: Fix JupyterLite support \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18652\"\u003e#18652\u003c/a\u003e (\u003ca href=\"https://github.com/martinRenou\"\u003e\u003ccode\u003e@​martinRenou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix notebook hang when dropping cells \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18808\"\u003e#18808\u003c/a\u003e (\u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Contextual Help keyboard shortcut reliability and menu Help functionality \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18747\"\u003e#18747\u003c/a\u003e (\u003ca href=\"https://github.com/itsmejay80\"\u003e\u003ccode\u003e@​itsmejay80\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix focusing input element when opening a dialog from Command Palette \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18735\"\u003e#18735\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix native context menu blocked even when context menu is suppressed \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18753\"\u003e#18753\u003c/a\u003e (\u003ca href=\"https://github.com/utsav-develops\"\u003e\u003ccode\u003e@​utsav-develops\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky toolbar item placement in popup \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18618\"\u003e#18618\u003c/a\u003e (\u003ca href=\"https://github.com/filipeoliveira05\"\u003e\u003ccode\u003e@​filipeoliveira05\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate terminal default font family to honor macOS system-wide ui-monospace \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18647\"\u003e#18647\u003c/a\u003e (\u003ca href=\"https://github.com/flaviomartins\"\u003e\u003ccode\u003e@​flaviomartins\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix linting issue \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18819\"\u003e#18819\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix syntax for Python 3.9 on \u003ccode\u003e4.5.x\u003c/code\u003e branch \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18817\"\u003e#18817\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused CodeMirror v5 CSS rule \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18785\"\u003e#18785\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused CSS rule forgotten after CodeMirror migration \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18763\"\u003e#18763\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused progress bar CSS rule in execution indicator \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18759\"\u003e#18759\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dead \u003ccode\u003e.jp-VariableRenderer-TrustButton\u003c/code\u003e CSS rule \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18762\"\u003e#18762\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove used \u003ccode\u003e.jp-Cell-Placeholder\u003c/code\u003e CSS rules \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18761\"\u003e#18761\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix name of option for extension manager implementation in docs \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18788\"\u003e#18788\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove 4.5.0 announcement from docs \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18740\"\u003e#18740\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2026-03-11\u0026amp;to=2026-04-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3ACarreau+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/filipeoliveira05\"\u003e\u003ccode\u003e@​filipeoliveira05\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Afilipeoliveira05+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/flaviomartins\"\u003e\u003ccode\u003e@​flaviomartins\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Aflaviomartins+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/itsmejay80\"\u003e\u003ccode\u003e@​itsmejay80\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Aitsmejay80+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajtpio+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/martinRenou\"\u003e\u003ccode\u003e@​martinRenou\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AmartinRenou+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AMUFFANUJ+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/utsav-develops\"\u003e\u003ccode\u003e@​utsav-develops\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Autsav-develops+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/f51404192bf6d0ff79187c884f21e1f91b928146\"\u003e\u003ccode\u003ef514041\u003c/code\u003e\u003c/a\u003e [ci skip] Publish 4.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/66fe9adfc1d501d1368404037f26925870741933\"\u003e\u003ccode\u003e66fe9ad\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18652\"\u003e#18652\u003c/a\u003e on branch 4.5.x (Video and Audio Content Providers: Fix Ju...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/f4455fac1b3c5b3ac4f06c95f78cfd39fb3157ed\"\u003e\u003ccode\u003ef4455fa\u003c/code\u003e\u003c/a\u003e Fix syntax for Python 3.9 on \u003ccode\u003e4.5.x\u003c/code\u003e branch (\u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18817\"\u003e#18817\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/d2322b5f54c61945d1cfbaebfcfba1a76a1bce79\"\u003e\u003ccode\u003ed2322b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18819\"\u003e#18819\u003c/a\u003e on branch 4.5.x (Fix linting issue) (\u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18820\"\u003e#18820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/5d9cb8c634e081028ea6df4dd7149a1b1a84ec56\"\u003e\u003ccode\u003e5d9cb8c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/1de120b5fe52f1148b45ca6ccbb03754e259b792\"\u003e\u003ccode\u003e1de120b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/6926100ea09e41a48446406c0b8cc02539c6ede1\"\u003e\u003ccode\u003e6926100\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18808\"\u003e#18808\u003c/a\u003e on branch 4.5.x (Fix notebook hang when dropping cells) (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/67e6e88f7c4ec02a064f24b7a0d3f09af7eaab70\"\u003e\u003ccode\u003e67e6e88\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18647\"\u003e#18647\u003c/a\u003e on branch 4.5.x (Update default font family to honor macOS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/bf21eb97eb2d61f1a084a0562be73108fe8ddb4f\"\u003e\u003ccode\u003ebf21eb9\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18747\"\u003e#18747\u003c/a\u003e on branch 4.5.x (Fix Contextual Help keyboard shortcut rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/73cafa54f9dbaa5e7034223cd0961a9eb0195995\"\u003e\u003ccode\u003e73cafa5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18788\"\u003e#18788\u003c/a\u003e on branch 4.5.x (Fix name of option for extension manager ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.5.6...@jupyterlab/lsp@4.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewebsockets: add configurations for ping interval and timeout \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1391\"\u003e#1391\u003c/a\u003e (\u003ca href=\"https://github.com/oliver-sanders\"\u003e\u003ccode\u003e@​oliver-sanders\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elog extension import time at debug level unless it's actually slow \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1375\"\u003e#1375\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for async Authorizers (part 2) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1374\"\u003e#1374\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport async Authorizers \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1373\"\u003e#1373\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport get file(notebook) md5 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1363\"\u003e#1363\u003c/a\u003e (\u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kernel env to reflect changes in session \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1354\"\u003e#1354\u003c/a\u003e (\u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0\"\u003e\u003ccode\u003e0ceed45\u003c/code\u003e\u003c/a\u003e Publish 2.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003e\u003ccode\u003e49b3439\u003c/code\u003e\u003c/a\u003e Move check origin into a util function and add it to websocket (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1630\"\u003e#1630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977\"\u003e\u003ccode\u003ee2e08c8\u003c/code\u003e\u003c/a\u003e Add test case for bad next URL format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf\"\u003e\u003ccode\u003e624d6c0\u003c/code\u003e\u003c/a\u003e Delete outdated patch code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449\"\u003e\u003ccode\u003ed825b93\u003c/code\u003e\u003c/a\u003e Apply suggestion from \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2\"\u003e\u003ccode\u003e789fed0\u003c/code\u003e\u003c/a\u003e patch open redirect in /login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665\"\u003e\u003ccode\u003e2ee51ec\u003c/code\u003e\u003c/a\u003e fix(CVE-2026-35397): path traversal when target dir starts with root dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea\"\u003e\u003ccode\u003e057869a\u003c/code\u003e\u003c/a\u003e Fix allow_origin_pat to do full matching instead of prefix matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0\"\u003e\u003ccode\u003e4862199\u003c/code\u003e\u003c/a\u003e Add resolvePath API for resolving kernel-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a\"\u003e\u003ccode\u003ee31d514\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3 in the actions group across ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nbconvert` from 7.17.0 to 7.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.1\u003c/h2\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eact...\n\n_Description has been truncated_","html_url":"https://github.com/Anselmoo/spectrafit/pull/2108","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anselmoo%2Fspectrafit/issues/2108","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2108/packages"},{"uuid":"4425510723","node_id":"PR_kwDOAal_NM7afKn7","number":2043,"state":"closed","title":"Bump the pip group across 6 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T19:15:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T01:35:45.000Z","updated_at":"2026-05-18T19:15:37.000Z","time_to_close":581990,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":3,"packages":[{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /mpcontribs-api/requirements directory: [jupyter-server](https://github.com/jupyter-server/jupyter_server), [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-client/requirements directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /mpcontribs-kernel-gateway/requirements directory: [jupyter-server](https://github.com/jupyter-server/jupyter_server), [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /mpcontribs-portal/requirements directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-serverless/dependencies directory: [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewebsockets: add configurations for ping interval and timeout \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1391\"\u003e#1391\u003c/a\u003e (\u003ca href=\"https://github.com/oliver-sanders\"\u003e\u003ccode\u003e@​oliver-sanders\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elog extension import time at debug level unless it's actually slow \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1375\"\u003e#1375\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for async Authorizers (part 2) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1374\"\u003e#1374\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport async Authorizers \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1373\"\u003e#1373\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport get file(notebook) md5 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1363\"\u003e#1363\u003c/a\u003e (\u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kernel env to reflect changes in session \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1354\"\u003e#1354\u003c/a\u003e (\u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0\"\u003e\u003ccode\u003e0ceed45\u003c/code\u003e\u003c/a\u003e Publish 2.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003e\u003ccode\u003e49b3439\u003c/code\u003e\u003c/a\u003e Move check origin into a util function and add it to websocket (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1630\"\u003e#1630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977\"\u003e\u003ccode\u003ee2e08c8\u003c/code\u003e\u003c/a\u003e Add test case for bad next URL format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf\"\u003e\u003ccode\u003e624d6c0\u003c/code\u003e\u003c/a\u003e Delete outdated patch code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449\"\u003e\u003ccode\u003ed825b93\u003c/code\u003e\u003c/a\u003e Apply suggestion from \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2\"\u003e\u003ccode\u003e789fed0\u003c/code\u003e\u003c/a\u003e patch open redirect in /login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665\"\u003e\u003ccode\u003e2ee51ec\u003c/code\u003e\u003c/a\u003e fix(CVE-2026-35397): path traversal when target dir starts with root dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea\"\u003e\u003ccode\u003e057869a\u003c/code\u003e\u003c/a\u003e Fix allow_origin_pat to do full matching instead of prefix matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0\"\u003e\u003ccode\u003e4862199\u003c/code\u003e\u003c/a\u003e Add resolvePath API for resolving kernel-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a\"\u003e\u003ccode\u003ee31d514\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3 in the actions group across ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccod...\n\n_Description has been truncated_","html_url":"https://github.com/materialsproject/MPContribs/pull/2043","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/materialsproject%2FMPContribs/issues/2043","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2043/packages"},{"uuid":"4424393400","node_id":"PR_kwDODVEffM7abjpw","number":3065,"state":"open","title":":dependabot: uv(deps): Bump mistune from 3.2.0 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T21:22:02.000Z","updated_at":"2026-05-11T21:22:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/moj-analytical-services/splink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/moj-analytical-services/splink/pull/3065","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moj-analytical-services%2Fsplink/issues/3065","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3065/packages"},{"uuid":"4423568601","node_id":"PR_kwDOOAKIic7aY2Io","number":20,"state":"closed","title":"Bump the pip group across 2 directories with 2 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T21:47:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T19:11:13.000Z","updated_at":"2026-05-19T21:47:48.000Z","time_to_close":700593,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":2,"packages":[{"name":"mistune","old_version":"3.1.1","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the / directory: [mistune](https://github.com/lepture/mistune).\nBumps the pip group with 2 updates in the /docs directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `mistune` from 3.1.1 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.1...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.0.2 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.1...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/canstralian/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/canstralian/llama_index/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/canstralian%2Fllama_index/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"4414830697","node_id":"PR_kwDOHCxsjs7Z9JY8","number":187,"state":"open","title":"Bump mistune from 3.2.0 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T06:07:17.000Z","updated_at":"2026-05-10T06:15:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=pip\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/qiboteam/qibochem/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/qiboteam/qibochem/pull/187","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/qiboteam%2Fqibochem/issues/187","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/187/packages"},{"uuid":"4411875104","node_id":"PR_kwDOQZvM_M7Z0Jww","number":121,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/callbacks/llama-index-callbacks-literalai","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:38:37.000Z","updated_at":"2026-05-09T08:40:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/callbacks/llama-index-callbacks-literalai","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"},{"uuid":"4411842441","node_id":"PR_kwDOQZvM_M7Z0Dnw","number":119,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/callbacks/llama-index-callbacks-argilla","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:23:21.000Z","updated_at":"2026-05-09T08:25:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/callbacks/llama-index-callbacks-argilla","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"},{"uuid":"4411838093","node_id":"PR_kwDOQZvM_M7Z0CzS","number":118,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-databricks","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:21:16.000Z","updated_at":"2026-05-09T08:23:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-databricks","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/118","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/118","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/118/packages"},{"uuid":"4411781519","node_id":"PR_kwDOQZvM_M7Zz4La","number":116,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-instructor","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T07:58:07.000Z","updated_at":"2026-05-09T08:00:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-instructor","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"},{"uuid":"4411594007","node_id":"PR_kwDOQZvM_M7ZzRBm","number":109,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-litellm","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T07:04:36.000Z","updated_at":"2026-05-09T07:05:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-litellm","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"},{"uuid":"4411564216","node_id":"PR_kwDOQZvM_M7ZzKzY","number":108,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-fireworks","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:56:03.000Z","updated_at":"2026-05-09T06:58:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-fireworks","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/108","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/108","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/108/packages"},{"uuid":"4411511014","node_id":"PR_kwDOQZvM_M7Zy_Rm","number":106,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-alephalpha","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:41:50.000Z","updated_at":"2026-05-09T06:44:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-alephalpha","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"},{"uuid":"4411493314","node_id":"PR_kwDOPAsHRs7Zy7fl","number":68,"state":"open","title":"Bump mistune from 3.1.3 to 3.2.1 in /examples/gsm8k-custom-recipe-dspy","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:36:59.000Z","updated_at":"2026-05-09T06:37:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/examples/gsm8k-custom-recipe-dspy","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.1.3 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.1.3\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/tensorzero/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/tensorzero/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Ftensorzero/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"}],"issue_packages":[{"old_version":"3.1.4","new_version":"3.2.1","update_type":"minor","path":null,"pr_created_at":"2026-06-11T01:29:05.000Z","version_change":"3.1.4 → 3.2.1","issue":{"uuid":"4636387573","node_id":"PR_kwDORtR3rs7lHOUF","number":5,"state":"open","title":"chore(deps): bump the uv group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-11T01:29:05.000Z","updated_at":"2026-06-11T01:30:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":19,"packages":[{"name":"flask","old_version":"3.1.2","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"cryptography","old_version":"46.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"filelock","old_version":"3.20.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"marshmallow","old_version":"3.26.1","new_version":"3.26.2","repository_url":"https://github.com/marshmallow-code/marshmallow"},{"name":"mistune","old_version":"3.1.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.16.6","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"pypdf","old_version":"6.4.2","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"python-multipart","old_version":"0.0.21","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"starlette","old_version":"0.50.0","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.9.1","new_version":"2.10.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"tornado","old_version":"6.5.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"urllib3","old_version":"2.6.2","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"20.35.4","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"},{"name":"werkzeug","old_version":"3.1.4","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 19 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `3.1.2` | `3.1.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.3` | `46.0.7` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.20.1` | `3.20.3` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.15` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [marshmallow](https://github.com/marshmallow-code/marshmallow) | `3.26.1` | `3.26.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.1.4` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.16.6` | `7.17.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.4.2` | `6.10.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.21` | `0.0.27` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [starlette](https://github.com/Kludex/starlette) | `0.50.0` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.9.1` | `2.10.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.2` | `2.7.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.35.4` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.4` | `3.1.6` |\n\n\nUpdates `flask` from 3.1.2 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.2...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.20.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.3 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): restore release environment on tag job :pr:\u003ccode\u003e559\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003evalidate pid range in _parse_lock_holder :pr:\u003ccode\u003e556\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 ci(release): publish to PyPI on tag push :pr:\u003ccode\u003e557\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:\u003ccode\u003e558\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.2 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:\u003ccode\u003e555\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e554\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echeck hostname in is_lock_held_by_us :pr:\u003ccode\u003e553\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:\u003ccode\u003e551\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eopen marker reads non-blocking to refuse attacker-placed fifo :pr:\u003ccode\u003e549\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.1 (2026-06-03)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:\u003ccode\u003e548\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e547\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e546\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e545\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e544\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e542\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration :pr:\u003ccode\u003e543\u003c/code\u003e - by :user:\u003ccode\u003eGares95\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e541\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e :pr:\u003ccode\u003e540\u003c/code\u003e - by :user:\u003ccode\u003eMrAnno\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e539\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e538\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e537\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:\u003ccode\u003e536\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e535\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.0 (2026-04-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows :pr:\u003ccode\u003e534\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency :pr:\u003ccode\u003e533\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:\u003ccode\u003e530\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.20.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `marshmallow` from 3.26.1 to 3.26.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst\"\u003emarshmallow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.26.2 (2025-12-19)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:cve:\u003ccode\u003e2025-68480\u003c/code\u003e: Merge error store messages without rebuilding collections.\nThanks 카푸치노 for reporting and :user:\u003ccode\u003edeckar01\u003c/code\u003e for the fix.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/1407d5102ae020421ddc8425474e976325a9539e\"\u003e\u003ccode\u003e1407d51\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2878\"\u003e#2878\u003c/a\u003e from marshmallow-code/3.x-mypy-unreachable\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b2292f513845ccbd134bd55501a9bcbcdd18f8ac\"\u003e\u003ccode\u003eb2292f5\u003c/code\u003e\u003c/a\u003e Fix mypy errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/8acd211847244fa28e0174728ff310fddf0d7fa2\"\u003e\u003ccode\u003e8acd211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/marshmallow-code/marshmallow/issues/2877\"\u003e#2877\u003c/a\u003e from marshmallow-code/3.x-delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b4bcb4a96f16a3b94c1b52ac82a66b57bbee1d88\"\u003e\u003ccode\u003eb4bcb4a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/b78af7a0ea3102f8c2379bebe115a015e4018a62\"\u003e\u003ccode\u003eb78af7a\u003c/code\u003e\u003c/a\u003e Delint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/2c4451e5129411da79161add51cfc76fe852549d\"\u003e\u003ccode\u003e2c4451e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/86d101a1aee2fe0a521c976015d1940437493cde\"\u003e\u003ccode\u003e86d101a\u003c/code\u003e\u003c/a\u003e Bump version and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/489a8d421dc7955bb53b89e962d69465fbc5b6af\"\u003e\u003ccode\u003e489a8d4\u003c/code\u003e\u003c/a\u003e Only deep copy error message collections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/6d4a17dad54ea9711040c6aa6ba4d59267242a41\"\u003e\u003ccode\u003e6d4a17d\u003c/code\u003e\u003c/a\u003e Add test coverage for error message modification\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marshmallow-code/marshmallow/commit/0356a3f1c307830f8ded56d823abca5611c594c9\"\u003e\u003ccode\u003e0356a3f\u003c/code\u003e\u003c/a\u003e Merge error store messages without rebuilding collections\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/marshmallow-code/marshmallow/compare/3.26.1...3.26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nbconvert` from 7.16.6 to 7.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.1\u003c/h2\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/78ed30837a607deab7cf0a12dca072bf3f63417a\"\u003e\u003ccode\u003e78ed308\u003c/code\u003e\u003c/a\u003e Publish 7.17.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/f090a64606fde4c7f87cbf478f51b4aa46a425ec\"\u003e\u003ccode\u003ef090a64\u003c/code\u003e\u003c/a\u003e ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003e\u003ccode\u003eb3b6ec0\u003c/code\u003e\u003c/a\u003e chore: update pre-commit hooks (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2277\"\u003e#2277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/be4841f7da51c499b1937e41e6e71926dbe0daa3\"\u003e\u003ccode\u003ebe4841f\u003c/code\u003e\u003c/a\u003e ignore silly security lint in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/26d57b295870f5572d9bd0535acee4a120339c10\"\u003e\u003ccode\u003e26d57b2\u003c/code\u003e\u003c/a\u003e fix type annotation on Lexer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/0e6b8ccabf2aca6c18fac8c574f22b7155f441fb\"\u003e\u003ccode\u003e0e6b8cc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/ba5e5cdd737704388251fa55fa9e58f5752fa39d\"\u003e\u003ccode\u003eba5e5cd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/1db0c88d865146ce02b6405a8d96753d3d0cd0c2\"\u003e\u003ccode\u003e1db0c88\u003c/code\u003e\u003c/a\u003e Specify python version for pre (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2276\"\u003e#2276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7473fc3037a6317bff54380e3a7162d73bf089b3\"\u003e\u003ccode\u003e7473fc3\u003c/code\u003e\u003c/a\u003e chore: update pre-commit hooks (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2242\"\u003e#2242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/4322f7f290694929f414cefadc942111afad3762\"\u003e\u003ccode\u003e4322f7f\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2273\"\u003e#2273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nltk` from 3.9.2 to 3.9.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nltk/nltk/blob/develop/ChangeLog\"\u003enltk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eVersion 3.9.4 2026-03-24\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Python 3.14\u003c/li\u003e\n\u003cli\u003eFix bug in Levenshtein distance when substitution_cost \u0026gt; 2\u003c/li\u003e\n\u003cli\u003eFix bug in Treebank detokeniser re quote ordering\u003c/li\u003e\n\u003cli\u003eFix bug in Jaro similarity for empty strings\u003c/li\u003e\n\u003cli\u003eSeveral security enhancements\u003c/li\u003e\n\u003cli\u003eFix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder\u003c/li\u003e\n\u003cli\u003eImplement TextTiling vocabulary introduction method (Hearst 1997)\u003c/li\u003e\n\u003cli\u003eFix ALINE feature matrix errors and add comprehensive tests\u003c/li\u003e\n\u003cli\u003eSupport multiple VerbNet versions, fix longid/shortid regex for VerbNet ids\u003c/li\u003e\n\u003cli\u003eLet downloader fallback to md5 when sha256 is unavailable\u003c/li\u003e\n\u003cli\u003eSeveral other minor bugfixes and code cleanups\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.4:\nMin-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01,\njancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,\u003c/p\u003e\n\u003cp\u003eVersion 3.9.3 2026-02-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2025-14009: secure ZIP extraction in nltk.downloader (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3468\"\u003e#3468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/arbitrary reads in nltk.data for protocol-less refs (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3467\"\u003e#3467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBlock path traversal/abs paths in corpus readers and FS pointers (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3479\"\u003e#3479\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3480\"\u003e#3480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate external StanfordSegmenter JARs using SHA256 (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3477\"\u003e#3477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd optional sandbox enforcement for filestring() (\u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3485\"\u003e#3485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaintenance: downloader/zipped models, CI/tooling updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.3:\nChris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith\u003c/p\u003e\n\u003cp\u003eVersion 3.9.2 2025-10-01\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate download checksums to use SHA256 in built index\u003c/li\u003e\n\u003cli\u003eFix percentage escape in new-style string formatting\u003c/li\u003e\n\u003cli\u003ereplace shortened URLs using goo.gl\u003c/li\u003e\n\u003cli\u003eMake Wordnet interoperable with various taggers and tagged corpora\u003c/li\u003e\n\u003cli\u003eFix saving PerceptronTagger\u003c/li\u003e\n\u003cli\u003eDocument how to reproduce old Wordnet studies\u003c/li\u003e\n\u003cli\u003eproperly initialize Portuguese corpus reader\u003c/li\u003e\n\u003cli\u003esupport for mixed rules conversion into Chomsky Normal Form\u003c/li\u003e\n\u003cli\u003eonly import tkinter if a GUI is needed\u003c/li\u003e\n\u003cli\u003eissue \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/2112\"\u003e#2112\u003c/a\u003e with Corenlp\u003c/li\u003e\n\u003cli\u003enew environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL\u003c/li\u003e\n\u003cli\u003eLesk defaults to most frequent sense in case of ties\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to the following contributors to 3.9.2:\nJose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu,\nSamer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq,\nChristopher Smith, Ryan Mannion\u003c/p\u003e\n\u003cp\u003eVersion 3.9.1 2024-08-19\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/ad9c96ba00a16923ffe917eacf63f1707bfa2d08\"\u003e\u003ccode\u003ead9c96b\u003c/code\u003e\u003c/a\u003e Update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/7edcddfda566627b897397397cc4d10ae91cb86d\"\u003e\u003ccode\u003e7edcddf\u003c/code\u003e\u003c/a\u003e Updates for 3.9.4 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/67a2736f89b286b028db08bd247134f17a11fc6b\"\u003e\u003ccode\u003e67a2736\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3180\"\u003e#3180\u003c/a\u003e from yzhaoinuw/bug-on-edit_distance_align\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/2b17ac5358a1c8d4b97455766efde0b786e6cdb2\"\u003e\u003ccode\u003e2b17ac5\u003c/code\u003e\u003c/a\u003e Fix edit_distance_align backtrace for high substitution costs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/4b72976a6ff3d180ed4012f11843e611a8f89516\"\u003e\u003ccode\u003e4b72976\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3018\"\u003e#3018\u003c/a\u003e from JuanIMartinezB/bug/shortid-longid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/8a5619f53a281149e5342b1a00fe05fe2fc6517f\"\u003e\u003ccode\u003e8a5619f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3222\"\u003e#3222\u003c/a\u003e from Syzygy2048/feature/texttiling-vocabulary-introd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/c6574d755e02b6163d9cd1d0b407076940e08864\"\u003e\u003ccode\u003ec6574d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3289\"\u003e#3289\u003c/a\u003e from ihitamandal/codeflash/optimize-windowdiff-2024-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/98ff5d9eaa1a81511873b9aef857944519c28dc4\"\u003e\u003ccode\u003e98ff5d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3435\"\u003e#3435\u003c/a\u003e from Hrudhai01/fix-3260-detokenize-quotes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/aec4fce1b84ad725b8975f7365b23a4f626572a9\"\u003e\u003ccode\u003eaec4fce\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3522\"\u003e#3522\u003c/a\u003e from ekaf/pathsec\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nltk/nltk/commit/eec4ee3591cb9cb8b8c2989f08012608c841d532\"\u003e\u003ccode\u003eeec4ee3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/nltk/nltk/issues/3526\"\u003e#3526\u003c/a\u003e from nltk/update-contributing\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nltk/nltk/compare/3.9.2...3.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.4.2 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6...\n\n_Description has been truncated_","html_url":"https://github.com/tabrezahmed51/MiroFish_0118/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tabrezahmed51%2FMiroFish_0118/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-06-09T00:38:36.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4617726976","node_id":"PR_kwDOP4uxx87kJ4a4","number":190,"state":"open","title":"chore(deps): bump the all-dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T00:38:36.000Z","updated_at":"2026-06-09T00:39:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all-dependencies","update_count":45,"packages":[{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"debugpy","old_version":"1.8.20","new_version":"1.8.21","repository_url":"https://github.com/microsoft/debugpy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"docstring-parser","old_version":"0.17.0","new_version":"0.18.0","repository_url":"https://github.com/rr-/docstring_parser"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.1","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"jiter","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"jupyter-events","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jupyter/jupyter_events"},{"name":"jupyter-client","old_version":"8.8.0","new_version":"8.9.0","repository_url":"https://github.com/jupyter/jupyter_client"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.19.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.8","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbclient","old_version":"0.10.4","new_version":"0.11.0","repository_url":"https://github.com/jupyter/nbclient"},{"name":"notebook","old_version":"7.5.5","new_version":"7.5.7","repository_url":"https://github.com/jupyter/notebook"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"postgrest","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"praw","old_version":"7.8.1","new_version":"7.8.2","repository_url":"https://github.com/praw-dev/praw"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pydantic","old_version":"2.13.0","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.46.0","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"realtime","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"storage3","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.1","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.8.1","repository_url":"https://github.com/jquast/wcwidth"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 45 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [debugpy](https://github.com/microsoft/debugpy) | `1.8.20` | `1.8.21` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [docstring-parser](https://github.com/rr-/docstring_parser) | `0.17.0` | `0.18.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.1` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.14.0` | `0.15.0` |\n| [jupyter-events](https://github.com/jupyter/jupyter_events) | `0.12.0` | `0.12.1` |\n| [jupyter-client](https://github.com/jupyter/jupyter_client) | `8.8.0` | `8.9.0` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.19.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.8` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbclient](https://github.com/jupyter/nbclient) | `0.10.4` | `0.11.0` |\n| [notebook](https://github.com/jupyter/notebook) | `7.5.5` | `7.5.7` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [praw](https://github.com/praw-dev/praw) | `7.8.1` | `7.8.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.0` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.0` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.8.1` |\n\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.md\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. {issue}\u003ccode\u003e3458\u003c/code\u003e {pr}\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. {issue}\u003ccode\u003e3277\u003c/code\u003e {pr}\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eEnum\u003c/code\u003e values used as \u003ccode\u003eChoice\u003c/code\u003e options produces a\nvalid completion result. {issue}\u003ccode\u003e3015\u003c/code\u003e {pr}\u003ccode\u003e3471\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. {issue}\u003ccode\u003e3487\u003c/code\u003e {pr}\u003ccode\u003e3493\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. {issue}\u003ccode\u003e3449\u003c/code\u003e {pr}\u003ccode\u003e3482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eopen_url\u003c/code\u003e on Windows when the file path contains spaces.\n{issue}\u003ccode\u003e2994\u003c/code\u003e {pr}\u003ccode\u003e3478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for {class}\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n{class}\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n{class}\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e{class}\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add {func}\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n{pr}\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e{attr}\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of {meth}\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor {class}\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n{issue}\u003ccode\u003e2745\u003c/code\u003e {pr}\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `debugpy` from 1.8.20 to 1.8.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/debugpy/releases\"\u003edebugpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edebugpy v1.8.21\u003c/h2\u003e\n\u003cp\u003eFixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReturn evaluate result in DAP response body instead of writing to stdout: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent invalid \u003ccode\u003escopes\u003c/code\u003e request from crashing debug session: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2026\"\u003e#2026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip uninitialized \u003ccode\u003e__slots__\u003c/code\u003e in variable resolver: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2024\"\u003e#2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle \u003ccode\u003e-c\u003c/code\u003e arguments that are \u003ccode\u003ebytes\u003c/code\u003e instead of \u003ccode\u003estr\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluation of variables from chained exception frames: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2018\"\u003e#2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContinueRequest\u003c/code\u003e with a specific \u003ccode\u003ethreadId\u003c/code\u003e no longer resumes all threads (in-process adapter): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2012\"\u003e#2012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid strong reference to exceptions during unwind: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2008\"\u003e#2008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow error message on evaluate failures in the hover context: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2006\"\u003e#2006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay \u003ccode\u003edlerror\u003c/code\u003e output when \u003ccode\u003edlopen\u003c/code\u003e fails: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2000\"\u003e#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace removed \u003ccode\u003epkgutil.get_loader\u003c/code\u003e with \u003ccode\u003eimportlib.util.find_spec\u003c/code\u003e in \u003ccode\u003eget_fullname\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/1998\"\u003e#1998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option to ignore all system exit codes: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2017\"\u003e#2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePull changes from pydevd up to March 2026: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2010\"\u003e#2010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure work:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816219\"\u003e#2816219\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2028\"\u003e#2028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2029\"\u003e#2029\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2030\"\u003e#2030\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2031\"\u003e#2031\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/maxbachmann\"\u003e\u003ccode\u003e@​maxbachmann\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mfussenegger\"\u003e\u003ccode\u003e@​mfussenegger\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/sambrightman\"\u003e\u003ccode\u003e@​sambrightman\u003c/code\u003e\u003c/a\u003e for the commits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/858b05c08555cfc54efa7cf90e70184c7495b38e\"\u003e\u003ccode\u003e858b05c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e: suppress Flawfinder false positive on Cython JoinPyUnicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/f0c34f133ad3eb7992ca50e45e5459f9d58f4be8\"\u003e\u003ccode\u003ef0c34f1\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e: suppress Flawfinder false positive on Cython DIGIT_PAIRS_8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/4c70e13d0e3fc8eee5013cd2a41c7a6d752d55d3\"\u003e\u003ccode\u003e4c70e13\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/19c2b8c029975a6ba2e4e521d8fbdf5f1b3ed8fd\"\u003e\u003ccode\u003e19c2b8c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/ab9263839637357f3372ffb550395ffbf8ce9f77\"\u003e\u003ccode\u003eab92638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2031\"\u003e#2031\u003c/a\u003e from StellaHuang95/stellahuang/tsa-2816219-flawfinde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/12bd4fef7ea5c35248d9f175f5b0218b970fa64c\"\u003e\u003ccode\u003e12bd4fe\u003c/code\u003e\u003c/a\u003e Return evaluate result in DAP response body instead of writing to stdout (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/8bd57a7d446d6ec4d7dd4e580d00cdea193ddcd9\"\u003e\u003ccode\u003e8bd57a7\u003c/code\u003e\u003c/a\u003e Prevent invalid scopes request from crashing debug session (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/bf118c8d0ec97e584d2f3cfd781f04a745a1334c\"\u003e\u003ccode\u003ebf118c8\u003c/code\u003e\u003c/a\u003e Skip uninitialized \u003cstrong\u003eslots\u003c/strong\u003e in variable resolver (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/a55be0e6f0700646e0833097ab78b2e4ba68745b\"\u003e\u003ccode\u003ea55be0e\u003c/code\u003e\u003c/a\u003e Potential fix when \u003ccode\u003e-c\u003c/code\u003e arguments are bytes instead of a str (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/0f037adec6fb2f61ad225849e953188ec349adbc\"\u003e\u003ccode\u003e0f037ad\u003c/code\u003e\u003c/a\u003e Fix evaluation of variables from chained exception frames (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/debugpy/compare/v1.8.20...v1.8.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docstring-parser` from 0.17.0 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rr-/docstring_parser/blob/master/CHANGELOG.md\"\u003edocstring-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.18 (2026-04-14)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Allow \u003ccode\u003eparse()\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/jamesbraza\"\u003e\u003ccode\u003e@​jamesbraza\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.14 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Exclude \u003ccode\u003edocstring_parser.tests\u003c/code\u003e from built wheels (thanks to \u003ca href=\"https://github.com/gvalkov\"\u003e\u003ccode\u003e@​gvalkov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEpydoc: Add missing attribute parsing, which includes the \u0026quot;\u003ca href=\"https://github.com/ivar\"\u003e\u003ccode\u003e@​ivar\u003c/code\u003e\u003c/a\u003e\u0026quot;, \u0026quot;\u003ca href=\"https://github.com/cvar\"\u003e\u003ccode\u003e@​cvar\u003c/code\u003e\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"https://github.com/var\"\u003e\u003ccode\u003e@​var\u003c/code\u003e\u003c/a\u003e\u0026quot; syntax (thanks to \u003ca href=\"https://github.com/Masara\"\u003e\u003ccode\u003e@​Masara\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNumpydoc: Add support for defaults in type declarations and improve compose behavior (thanks to \u003ca href=\"https://github.com/jwlodek\"\u003e\u003ccode\u003e@​jwlodek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17 (2025-07-21)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Replace poetry with hatchling (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Drop support for Python 3.6 and 3.7 (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.13 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Publish packages to PyPI with digital attestations (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGoogle: Fix multi-line parameter definitions (thanks to \u003ca href=\"https://github.com/coolbeevip\"\u003e\u003ccode\u003e@​coolbeevip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAttrdoc: Remove use of deprecated ast classes (thanks to \u003ca href=\"https://github.com/fedepell\"\u003e\u003ccode\u003e@​fedepell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.16 (2024-03-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new property, \u003ccode\u003edescription\u003c/code\u003e, that combines short and long\ndescriptions into a single string (thanks to \u003ca href=\"https://github.com/pR0Ps\"\u003e\u003ccode\u003e@​pR0Ps\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: support Python 3.12 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.15 (2022-09-05)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new function, \u003ccode\u003eparse_from_object\u003c/code\u003e, that supports scattered\ndocstrings (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14.1 (2022-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: fix autodetection (regression from 0.14)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14 (2022-04-25)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eNumpydoc: Improved support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.13 (2021-11-17)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle: Added support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.12 (2021-10-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Added support for lone \u003ccode\u003e:rtype:\u003c/code\u003e meta information (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.11 (2021-09-30)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Started tracking changes\u003c/li\u003e\n\u003cli\u003eGeneral: Added ability to combine function docstrings (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReST: Added support for \u003ccode\u003e:type:\u003c/code\u003e and \u003ccode\u003e:rtype:\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/87dca55a7b5bdc854ad1d190f1c461015ba5f008\"\u003e\u003ccode\u003e87dca55\u003c/code\u003e\u003c/a\u003e Bump version: 0.17.0 → 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/059d189eef68dccd226531a8536652c04e467744\"\u003e\u003ccode\u003e059d189\u003c/code\u003e\u003c/a\u003e Support Python 3.14 (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/9f8501fd9cfc68794b33be79acc03a303c8bb527\"\u003e\u003ccode\u003e9f8501f\u003c/code\u003e\u003c/a\u003e Remove docstring_parser.tests from bdist (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/107\"\u003e#107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/352ac5acfa7e8b91319dd26687996f856c282a97\"\u003e\u003ccode\u003e352ac5a\u003c/code\u003e\u003c/a\u003e Add support for setting default value in type declaration for numpydoc, vario...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/434078c85ef98e1bd38de0bff377e081073227da\"\u003e\u003ccode\u003e434078c\u003c/code\u003e\u003c/a\u003e build: fix builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/fd6fe7b35363c1744a732381596d50eda161f9e2\"\u003e\u003ccode\u003efd6fe7b\u003c/code\u003e\u003c/a\u003e epydoc: add missing attribute parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/37fac3d32ebd73e16c468aefd54022c6a6d8d563\"\u003e\u003ccode\u003e37fac3d\u003c/code\u003e\u003c/a\u003e docs: fix missing changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/b4a3c48883f6dd3d69c1dc57545f1b72238c6c2a\"\u003e\u003ccode\u003eb4a3c48\u003c/code\u003e\u003c/a\u003e Allowing \u003ccode\u003eparse\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rr-/docstring_parser/compare/0.17.0...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/352c35b9e841fe20c2a0dc09af67e180e6854322\"\u003e\u003ccode\u003e352c35b\u003c/code\u003e\u003c/a\u003e release 9.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/df72b1f8d94e874947f6425dbbcca614942aa3f5\"\u003e\u003ccode\u003edf72b1f\u003c/code\u003e\u003c/a\u003e Add forward compatibility for pdb.Pdb's mode argument (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15235\"\u003e#15235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/a957d81c3177d33fc9d0b5fe123e58dd8cbf87e7\"\u003e\u003ccode\u003ea957d81\u003c/code\u003e\u003c/a\u003e Handle pdb.Pdb \u003ccode\u003emode\u003c/code\u003e argument and test signature compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/3e1c0544e141d55cd232259d4828a633e952f5fc\"\u003e\u003ccode\u003e3e1c054\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15238\"\u003e#15238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/0181ae38b68b929f464c349ad139e1080ee60a93\"\u003e\u003ccode\u003e0181ae3\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/fb831cc06fe27a12f5d52f6608fa90857428748c\"\u003e\u003ccode\u003efb831cc\u003c/code\u003e\u003c/a\u003e back to dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0bb22aa6b3a4d729e6c7bae74c05a5d0f1f654b0\"\u003e\u003ccode\u003e0bb22aa\u003c/code\u003e\u003c/a\u003e release: 0.15.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0f3e5eb48a5fff16d825f9af2ea7c6748bbdfbb8\"\u003e\u003ccode\u003e0f3e5eb\u003c/code\u003e\u003c/a\u003e expose \u003ccode\u003eknown_number_bytes\u003c/code\u003e and parser methods for bytes -\u0026gt; number (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.14.0...v0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-events` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/releases\"\u003ejupyter-events's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.1\u003c/h2\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3AZsailer+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/blob/main/CHANGELOG.md\"\u003ejupyter-events's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/BryanOwens012/which-glp/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BryanOwens012%2Fwhich-glp/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"}},{"old_version":"3.0.2","new_version":"3.2.1","update_type":"minor","path":null,"pr_created_at":"2026-05-26T02:35:02.000Z","version_change":"3.0.2 → 3.2.1","issue":{"uuid":"4520870249","node_id":"PR_kwDOPiJZBs7fPRt2","number":15,"state":"open","title":"Bump the pip group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T02:35:02.000Z","updated_at":"2026-05-26T04:57:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":19,"packages":[{"name":"urllib3","old_version":"1.25.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"certifi","old_version":"2023.11.17","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.6","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pytest","old_version":"7.4.4","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.3.2","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"setuptools","old_version":"69.0.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jupyter-server","old_version":"2.12.5","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.0.11","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.14.2","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"},{"name":"notebook","old_version":"7.0.7","new_version":"7.5.6","repository_url":"https://github.com/jupyter/notebook"},{"name":"tornado","old_version":"6.4","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"cryptography","old_version":"41.0.7","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"tqdm","old_version":"4.66.1","new_version":"4.66.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"},{"name":"pyopenssl","old_version":"23.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /test/requirements/compiled directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.25.3` | `2.7.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.6` | `3.15` |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.4` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.5.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `69.0.3` | `78.1.1` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.12.5` | `2.18.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.0.11` | `4.5.7` |\n| [mistune](https://github.com/lepture/mistune) | `3.0.2` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.14.2` | `7.17.1` |\n| [notebook](https://github.com/jupyter/notebook) | `7.0.7` | `7.5.6` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.5.5` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.7` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.3.0` | `26.0.0` |\n\n\nUpdates `urllib3` from 1.25.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.25.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2023.11.17 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.11.17...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.6 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.4...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.3.2 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.3.2...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 69.0.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v69.0.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-ser...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 19 Python dependencies across test requirement files, bringing packages to their latest versions with security fixes, bug fixes, and new features.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Critical security fixes in urllib3 (CVE-2026-21441), requests (CVE-2026-25645), cryptography, and jinja2 (multiple CVEs)\n- **Major Version Bumps**: Black updated from 23.12.1 to 26.3.1, pytest from 7.4.4 to 9.0.3, scikit-learn from 1.3.2 to 1.5.0\n- **Jupyter Ecosystem**: Comprehensive updates to jupyter-server (2.12.5→2.18.0), jupyterlab (4.0.11→4.5.7), notebook (7.0.7→7.5.6)\n- **Infrastructure Libraries**: urllib3 major update (1.25.3→2.7.0), setuptools (69.0.3→78.1.1), cryptography (41.0.7→46.0.7)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 19 Outdated Packages]\n    B --\u003e C[Security Vulnerabilities Found]\n    B --\u003e D[Feature Updates Available]\n    C --\u003e E[urllib3: Decompression bomb fixes]\n    C --\u003e F[requests: Malicious file replacement fix]\n    C --\u003e G[jinja2: Sandbox bypass fixes]\n    C --\u003e H[cryptography: Security patches]\n    D --\u003e I[Black: Jupyter notebook improvements]\n    D --\u003e J[pytest: Python 3.14 support]\n    D --\u003e K[scikit-learn: New ML features]\n    E --\u003e L[Updated Requirements Files]\n    F --\u003e L\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including decompression bomb vulnerabilities, malicious file replacement, and sandbox bypass issues\n- **Compatibility Improvements**: Adds Python 3.14 support in pytest, removes deprecated features, and improves Windows compatibility\n- **Development Experience**: Enhanced Jupyter notebook support, better error messages, improved type annotations, and performance optimizations\n- **Testing Infrastructure**: Updated pytest with better async support, improved error handling, and enhanced debugging capabilities\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/uv/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fuv/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"0.8.4","new_version":"3.2.1","update_type":"major","path":null,"pr_created_at":"2026-05-22T22:51:13.000Z","version_change":"0.8.4 → 3.2.1","issue":{"uuid":"4505985755","node_id":"PR_kwDOB5H3vc7eg51v","number":847,"state":"open","title":"chore(deps-dev): bump mistune from 0.8.4 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T22:51:13.000Z","updated_at":"2026-05-22T23:38:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"mistune","old_version":"0.8.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 0.8.4 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v0.8.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/jazzband/django-eav2/pull/847","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jazzband%2Fdjango-eav2/issues/847","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/847/packages"}},{"old_version":"2.0.4","new_version":"3.2.1","update_type":"major","path":null,"pr_created_at":"2026-05-20T03:29:07.000Z","version_change":"2.0.4 → 3.2.1","issue":{"uuid":"4482866515","node_id":"PR_kwDONasQ6M7dV77z","number":5,"state":"open","title":"Bump the pip group across 28 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T03:29:07.000Z","updated_at":"2026-05-20T03:30:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":4,"packages":[{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"mistune","old_version":"2.0.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"mistune","old_version":"2.0.4","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"},{"name":"urllib3","old_version":"2.2.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /wandb/run-20241208_233803-k50mdb94/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234207-719gd67m/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234348-3k843q5m/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_234927-0lormxok/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241208_235259-zo0177ba/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_001012-4p02l17t/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003341-6ob8tc23/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003544-nngnnaj1/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_003742-spjrnvfl/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004548-pxlrlgu6/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004625-3rtc2d1g/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_004945-hybasejc/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005014-dkqdw2xf/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005851-p2jjssp9/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_005923-ujmv6hg0/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_010713-uolr87wa/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_020634-3mme08dr/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_030055-vtglop6r/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_031342-h3ohlpzy/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_031452-h7pr4syu/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_033810-69h4jquw/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_034448-z838uymc/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_035835-oiah2ikz/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_041232-80wxu08d/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_041709-vvefq1b8/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_043649-4snvizf0/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_043855-yf41zoni/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /wandb/run-20241209_044357-2cudcxy1/files directory: [idna](https://github.com/kjd/idna), [mistune](https://github.com/lepture/mistune), [ujson](https://github.com/ultrajson/ultrajson) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 2.0.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v2.0.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e) \u003ca href=\"https://github.com/nhancdt2602\"\u003e\u003ccode\u003e@​nhancdt2602\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix memory leak when \u003ccode\u003eujson.dump()\u003c/code\u003e is unable to write to its file (0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/731\"\u003e#731\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/667\"\u003e#667\u003c/a\u003e) \u003ca href=\"https://github.com/grandnew\"\u003e\u003ccode\u003e@​grandnew\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools \u0026lt; 72.2 to fix build on PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/638\"\u003e#638\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md example to match actual output (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/654\"\u003e#654\u003c/a\u003e) \u003ca href=\"https://github.com/AvdN\"\u003e\u003ccode\u003e@​AvdN\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/7d9036f4896256ac772fdb45d27d45463efe59cb\"\u003e\u003ccode\u003e7d9036f\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853\"\u003e\u003ccode\u003e0bf630a\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/46f75969b18e1d37da3ad0fbb1954d146e072c5d\"\u003e\u003ccode\u003e46f7596\u003c/code\u003e\u003c/a\u003e Enable read access for CI/CD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9\"\u003e\u003ccode\u003e82af1d0\u003c/code\u003e\u003c/a\u003e Fix failure cleanup paths in ujson.dump()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ceae6cd09dd1c29e747fa4041febcd4fdfd33c0a\"\u003e\u003ccode\u003eceae6cd\u003c/code\u003e\u003c/a\u003e Gitignore .fuse_hidden and .DS_Store files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/dd87ed388816eb5a02bc6f752c27cda5df5c1aa1\"\u003e\u003ccode\u003edd87ed3\u003c/code\u003e\u003c/a\u003e Improve unit test coverage (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ddbe2da83bd7fe9940eec1766bd75e21e76bc7d7\"\u003e\u003ccode\u003eddbe2da\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/3be5ae59f5548ec9a1fef56bfa2a005cfa5c6c09\"\u003e\u003ccode\u003e3be5ae5\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/9f90a8c797a20c19a80b78d340ac4251626c7494\"\u003e\u003ccode\u003e9f90a8c\u003c/code\u003e\u003c/a\u003e Fix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/f1574e57b8a31efaa9b1bfa530c672bc1fe3536d\"\u003e\u003ccode\u003ef1574e5\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ultrajson/ultrajson/compare/5.10.0...5.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.2.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.2.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.15\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.14\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.13\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.12\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.11\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.10\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.9\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev3.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression where IDNAError exception was not being produced for certain inputs.\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.13, drop support for Python 3.5 as it is no longer testable.\u003c/li\u003e\n\u003cli\u003eDocumentation improvements\u003c/li\u003e\n\u003cli\u003eUpdates to package testing using Github actions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Hugo van Kemenade for contributions to this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.8\"\u003ehttps://github.com/kjd/idna/compare/v3.7...v3.8\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.7...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 2.0.4 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Jan 28, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v2.0.4...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ujson` from 5.10.0 to 5.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ultrajson/ultrajson/releases\"\u003eujson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.12.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e) \u003ca href=\"https://github.com/nhancdt2602\"\u003e\u003ccode\u003e@​nhancdt2602\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix memory leak when \u003ccode\u003eujson.dump()\u003c/code\u003e is unable to write to its file (0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that pre-built wheels for graalpy on macOS have been omitted from this release due to infrastructural issues building them (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/731\"\u003e#731\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e5.12.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate license field (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/693\"\u003e#693\u003c/a\u003e) \u003ca href=\"https://github.com/wagenrace\"\u003e\u003ccode\u003e@​wagenrace\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild wheels for GraalPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/685\"\u003e#685\u003c/a\u003e) \u003ca href=\"https://github.com/timfel\"\u003e\u003ccode\u003e@​timfel\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/686\"\u003e#686\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix memory leak parsing large integers (\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\"\u003ehttps://github.com/ultrajson/ultrajson/commit/4baeb950df780092bd3c89fc702a868e99a3a1d2\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix buffer overflow/infinite loop from indent handling (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/709\"\u003e#709\u003c/a\u003e) \u003ca href=\"https://github.com/bwoodsend\"\u003e\u003ccode\u003e@​bwoodsend\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove upper bound of setuptools for PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/704\"\u003e#704\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.11.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInline type stubs (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/674\"\u003e#674\u003c/a\u003e) \u003ca href=\"https://github.com/MarcoGorelli\"\u003e\u003ccode\u003e@​MarcoGorelli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/680\"\u003e#680\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for PyPy3.11 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/658\"\u003e#658\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows ARM64 wheels (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/663\"\u003e#663\u003c/a\u003e) \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate to \u003ccode\u003esrc/\u003c/code\u003e layout (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/664\"\u003e#664\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBuild aarch64 wheels using native runners (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/652\"\u003e#652\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/645\"\u003e#645\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop support for EOL PyPy3.8-PyPy3.10 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/639\"\u003e#639\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/682\"\u003e#682\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ujson.loads): raises a JSONDecodeError instead of SystemError when parsing a nested json string (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/667\"\u003e#667\u003c/a\u003e) \u003ca href=\"https://github.com/grandnew\"\u003e\u003ccode\u003e@​grandnew\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin setuptools \u0026lt; 72.2 to fix build on PyPy (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/638\"\u003e#638\u003c/a\u003e) \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md example to match actual output (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/654\"\u003e#654\u003c/a\u003e) \u003ca href=\"https://github.com/AvdN\"\u003e\u003ccode\u003e@​AvdN\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/7d9036f4896256ac772fdb45d27d45463efe59cb\"\u003e\u003ccode\u003e7d9036f\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/0bf630aaef59c0aafd0c8a4fc8bbe2a7bcefa853\"\u003e\u003ccode\u003e0bf630a\u003c/code\u003e\u003c/a\u003e Temporarily disable pre-built wheels for graalpy on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/46f75969b18e1d37da3ad0fbb1954d146e072c5d\"\u003e\u003ccode\u003e46f7596\u003c/code\u003e\u003c/a\u003e Enable read access for CI/CD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9\"\u003e\u003ccode\u003e82af1d0\u003c/code\u003e\u003c/a\u003e Fix failure cleanup paths in ujson.dump()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ceae6cd09dd1c29e747fa4041febcd4fdfd33c0a\"\u003e\u003ccode\u003eceae6cd\u003c/code\u003e\u003c/a\u003e Gitignore .fuse_hidden and .DS_Store files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/dd87ed388816eb5a02bc6f752c27cda5df5c1aa1\"\u003e\u003ccode\u003edd87ed3\u003c/code\u003e\u003c/a\u003e Improve unit test coverage (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/718\"\u003e#718\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/ddbe2da83bd7fe9940eec1766bd75e21e76bc7d7\"\u003e\u003ccode\u003eddbe2da\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1 (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/717\"\u003e#717\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/3be5ae59f5548ec9a1fef56bfa2a005cfa5c6c09\"\u003e\u003ccode\u003e3be5ae5\u003c/code\u003e\u003c/a\u003e Update release-drafter/release-drafter action to v7.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/9f90a8c797a20c19a80b78d340ac4251626c7494\"\u003e\u003ccode\u003e9f90a8c\u003c/code\u003e\u003c/a\u003e Fix encoding ref leak with non-English character (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/714\"\u003e#714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ultrajson/ultrajson/commit/f1574e57b8a31efaa9b1bfa530c672bc1fe3536d\"\u003e\u003ccode\u003ef1574e5\u003c/code\u003e\u003c/a\u003e Hash pin GitHub Actions (\u003ca href=\"https://redirect.github.com/ultrajson/ultrajson/issues/715\"\u003e#715\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ultrajson/ultrajson/compare/5.10.0...5.12.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.2.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nBump dependency pins across 28 W\u0026B run directories to pick up security and compatibility updates. Only requirements.txt files were changed, upgrading `idna`, `mistune`, `ujson`, and `urllib3`.\n\n- **Dependencies**\n  - `idna`: 3.7 → 3.15\n  - `mistune`: 2.0.4 → 3.2.1\n  - `ujson`: 5.10.0 → 5.12.1\n  - `urllib3`: 2.2.3 → 2.7.0\n\n- **Migration**\n  - Ensure Python ≥ 3.10 (new `urllib3`/`ujson` drop 3.9).\n  - If you use `mistune` directly, verify compatibility with 3.x API.\n\n\u003csup\u003eWritten for commit a6b59fcf5fffdf9397dc3a73d66af4492a151433. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/affaan-m/Behavioral_RL/pull/5?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/affaan-m/Behavioral_RL/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/affaan-m%2FBehavioral_RL/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-05-18T18:53:07.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4471734015","node_id":"PR_kwDOHGh0ac7cyDPP","number":948,"state":"closed","title":"build(deps): bump the pipenv group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-29T11:00:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T18:53:07.000Z","updated_at":"2026-05-29T11:00:48.000Z","time_to_close":922058,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pipenv","update_count":11,"packages":[{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.47.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.29","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"tox","old_version":"4.52.0","new_version":"4.54.0","repository_url":"https://github.com/tox-dev/tox"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"cryptography","old_version":"46.0.6","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"myst-parser","old_version":"5.0.0","new_version":"5.1.0","repository_url":"https://github.com/executablebooks/MyST-Parser"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pipenv group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.47.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.29` |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [tox](https://github.com/tox-dev/tox) | `4.52.0` | `4.54.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `48.0.0` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [myst-parser](https://github.com/executablebooks/MyST-Parser) | `5.0.0` | `5.1.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n\n\nUpdates `fastapi` from 0.135.3 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.44.0 to 0.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2913\"\u003e#2913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Explicitly start ASGI run with empty context\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2903\"\u003e#2903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2906\"\u003e#2906\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/6761b2c8f9272fa0e908d0b9cdcb3cb0aa11382f\"\u003e\u003ccode\u003e6761b2c\u003c/code\u003e\u003c/a\u003e Remove Hugging Face sponsor block from docs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2923\"\u003e#2923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/438f64834de00708a9bb3548a36090e7a924ad84\"\u003e\u003ccode\u003e438f648\u003c/code\u003e\u003c/a\u003e Surface sponsors on welcome page and sidebar (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2921\"\u003e#2921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/10ddc6dd296cb6e432a00835abe27f1c822373c1\"\u003e\u003ccode\u003e10ddc6d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/b499bc45101d920e691e384025d728507215d4d1\"\u003e\u003ccode\u003eb499bc4\u003c/code\u003e\u003c/a\u003e Eagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.27 to 0.0.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d1b57392cf7d0c19235ba454eb5686fd27dc2384\"\u003e\u003ccode\u003ed1b5739\u003c/code\u003e\u003c/a\u003e Speed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/281\"\u003e#281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/09cb8c3da7638d45ecdf7c154832303214bba829\"\u003e\u003ccode\u003e09cb8c3\u003c/code\u003e\u003c/a\u003e Make the long_boundary benchmark dominated by the patched code path (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a6467c93c14aa4b09ef65450ead8011c45e5c7a0\"\u003e\u003ccode\u003ea6467c9\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Switch CodSpeed benchmarks to walltime mode\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9a9690035a956fbdcca06f98461244cf790375a7\"\u003e\u003ccode\u003e9a96900\u003c/code\u003e\u003c/a\u003e Switch CodSpeed benchmarks to walltime mode (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/278\"\u003e#278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tox` from 4.52.0 to 4.54.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/releases\"\u003etox's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.54.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🧪 test(conftest): strip broken nspkg.pth files under py3.15 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3937\"\u003etox-dev/tox#3937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(packaging): declare tox.pytest deps via a testing extra by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3940\"\u003etox-dev/tox#3940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(schema): cover every replace form in the TOML schema by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3941\"\u003etox-dev/tox#3941\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.1...4.54.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.1...4.54.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(security): harden user-facing logs and untrusted inputs by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3924\"\u003etox-dev/tox#3924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(type): correct argparse override signatures for ty 0.0.33 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3932\"\u003etox-dev/tox#3932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow deps arrays in TOML schema by \u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphercodes\"\u003e\u003ccode\u003e@​cyphercodes\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3931\"\u003etox-dev/tox#3931\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.53.0...4.53.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.53.0...4.53.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.53.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(toml): allow bare range/labeled dicts in env_list by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3923\"\u003etox-dev/tox#3923\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.1...4.53.0\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.1...4.53.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.52.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse normalize_isa for architecture factor matching by \u003ca href=\"https://github.com/rahuldevikar\"\u003e\u003ccode\u003e@​rahuldevikar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3919\"\u003etox-dev/tox#3919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(pip): invalidate install cache on resolution env var changes by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/tox/pull/3921\"\u003etox-dev/tox#3921\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.52.1\"\u003ehttps://github.com/tox-dev/tox/compare/4.52.0...4.52.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/tox/blob/main/docs/changelog.rst\"\u003etox's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eFeatures - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDeclare the runtime dependencies of the \u003ccode\u003etox.pytest\u003c/code\u003e plugin (\u003ccode\u003epytest\u003c/code\u003e, \u003ccode\u003edevpi-process\u003c/code\u003e and \u003ccode\u003epytest-mock\u003c/code\u003e)\nunder a new \u003ccode\u003etesting\u003c/code\u003e extra, so plugin authors can pull them in via \u003ccode\u003etox[testing]\u003c/code\u003e - by :user:\u003ccode\u003egaborbernat\u003c/code\u003e.\n(:issue:\u003ccode\u003e3938\u003c/code\u003e, :issue:\u003ccode\u003e3940\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes - 4.54.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eExtend the generated TOML schema to cover every \u003ccode\u003ereplace\u003c/code\u003e table form (\u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eref\u003c/code\u003e, \u003ccode\u003eposargs\u003c/code\u003e, \u003ccode\u003eglob\u003c/code\u003e,\n\u003ccode\u003eif\u003c/code\u003e), including conditional replacements used inside \u003ccode\u003ecommands\u003c/code\u003e. A guard test asserts the schema stays in sync\nwith the loader implementation so future replace types cannot be added without a corresponding schema entry.\n(:issue:\u003ccode\u003e3939\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.1 (2026-05-02)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eBug fixes - 4.53.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHardening pass on user-facing logging and config parsing:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMask secret-looking \u003ccode\u003e--key=value\u003c/code\u003e flag values in command logs (terminal warnings, \u003ccode\u003e.tox/\u0026lt;env\u0026gt;/log/*.log\u003c/code\u003e, and\n\u003ccode\u003eOutcome\u003c/code\u003e \u003ccode\u003e__repr__\u003c/code\u003e) using the same keyword regex previously applied to environment variable values.\u003c/li\u003e\n\u003cli\u003eResolve PEP 723 \u003ccode\u003escript\u003c/code\u003e paths and reject any that escape \u003ccode\u003etox_root\u003c/code\u003e; cap the script read at 5 MiB so a symlink\nto \u003ccode\u003e/dev/zero\u003c/code\u003e cannot exhaust memory.\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003eeval()\u003c/code\u003e of a constructed \u003ccode\u003eLiteral[...]\u003c/code\u003e string in the CLI parser with a direct\n\u003ccode\u003eLiteral[tuple(action.choices)]\u003c/code\u003e subscript.\u003c/li\u003e\n\u003cli\u003ePass \u003ccode\u003etimeout=30\u003c/code\u003e to \u003ccode\u003eurlopen\u003c/code\u003e when fetching a remote requirements file so a slow or unresponsive mirror cannot\nhang \u003ccode\u003etox\u003c/code\u003e indefinitely. (:issue:\u003ccode\u003e3924\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow the generated TOML schema to validate array values for \u003ccode\u003edeps\u003c/code\u003e. (:issue:\u003ccode\u003e3929\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCorrect type annotations for \u003ccode\u003eArgumentParser.parse_args\u003c/code\u003e and \u003ccode\u003eparse_known_args\u003c/code\u003e overrides following \u003ccode\u003etypeshed PR [#15613](https://github.com/tox-dev/tox/issues/15613) \u0026lt;https://github.com/python/typeshed/pull/15613\u0026gt;\u003c/code\u003e_, which widened the \u003ccode\u003eargs\u003c/code\u003e parameter from \u003ccode\u003eSequence[str]\u003c/code\u003e\nto \u003ccode\u003eIterable[str]\u003c/code\u003e. The narrower type in tox's overrides violated the Liskov substitution principle and caused\n\u003ccode\u003einvalid-method-override\u003c/code\u003e errors with \u003ccode\u003ety\u003c/code\u003e 0.0.33. Also correct the \u003ccode\u003eoption_spec\u003c/code\u003e annotation in\n\u003ccode\u003edocs/tox_conf.py\u003c/code\u003e to \u003ccode\u003eClassVar[dict[str, Callable[[str], Any]]]\u003c/code\u003e matching the docutils stubs type.\n(:issue:\u003ccode\u003e3932\u003c/code\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003ev4.53.0 (2026-04-14)\u003c/p\u003e\n\u003chr /\u003e\n\u003ch1\u003eFeatures - 4.53.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eTOML \u003ccode\u003eenv_list\u003c/code\u003e now accepts bare range dicts (\u003ccode\u003e{ prefix = \u0026quot;3.\u0026quot;, start = 12, stop = 14 }\u003c/code\u003e) and bare labeled dicts\n(\u003ccode\u003e{ ecosystem = [\u0026quot;oci\u0026quot;, \u0026quot;python\u0026quot;] }\u003c/code\u003e) as top-level items, removing the \u003ccode\u003e{ product = [...] }\u003c/code\u003e wrapper when there is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1f1fcc7a53665a827d8a304190696c6926ebb2eb\"\u003e\u003ccode\u003e1f1fcc7\u003c/code\u003e\u003c/a\u003e release 4.54.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/b35c8eedaf94906ed0e7938c7526dced550e6fa0\"\u003e\u003ccode\u003eb35c8ee\u003c/code\u003e\u003c/a\u003e 🐛 fix(schema): cover every replace form in the TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3941\"\u003e#3941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/6eb5c4f5eec439b3924d6adb3d9d16ea7fc88a20\"\u003e\u003ccode\u003e6eb5c4f\u003c/code\u003e\u003c/a\u003e ✨ feat(packaging): declare tox.pytest deps via a testing extra (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3940\"\u003e#3940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/1ad47ddaab21c891f136a9627d1c6cdb6ea655d7\"\u003e\u003ccode\u003e1ad47dd\u003c/code\u003e\u003c/a\u003e 🧪 test(conftest): strip broken nspkg.pth files under py3.15 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3937\"\u003e#3937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dfba9661b10aa5148daf7267b80fec50f4faa9d2\"\u003e\u003ccode\u003edfba966\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3936\"\u003e#3936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/21069af5f5b93774f88c271d5deb1389cd2caf12\"\u003e\u003ccode\u003e21069af\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3933\"\u003e#3933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/2b177917e4c0208c3e380e43f8d32d507180d82e\"\u003e\u003ccode\u003e2b17791\u003c/code\u003e\u003c/a\u003e release 4.53.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/86234dd57fc6a6dbf801aa98a91642cb9daf1dc8\"\u003e\u003ccode\u003e86234dd\u003c/code\u003e\u003c/a\u003e fix: allow deps arrays in TOML schema (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3931\"\u003e#3931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/dd305fe8f347c49fcd3bd63d5e56c912e4c428f2\"\u003e\u003ccode\u003edd305fe\u003c/code\u003e\u003c/a\u003e 🐛 fix(type): correct argparse override signatures for ty 0.0.33 (\u003ca href=\"https://redirect.github.com/tox-dev/tox/issues/3932\"\u003e#3932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/tox/commit/3aa3cd5d4226dfdb54de3de810cd9367390c6424\"\u003e\u003ccode\u003e3aa3cd5\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/tox/compare/4.52.0...4.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\n.. _pull 2165: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2165\"\u003ecoveragepy/coveragepy#2165\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-13-5:\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/646351b60429f1b5760af6c1b97b28483244a955\"\u003e\u003ccode\u003e646351b\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/39cd015505c8b04369c5b06e34fc22449a697370\"\u003e\u003ccode\u003e39cd015\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/649e8aa34af7d80c386ae82e8a3a6c9a3acb0dab\"\u003e\u003ccode\u003e649e8aa\u003c/code\u003e\u003c/a\u003e docs: thanks Alex Vandiver for \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/8cd392e3b5c4bc15d534aaec0c21714f9f518469\"\u003e\u003ccode\u003e8cd392e\u003c/code\u003e\u003c/a\u003e fix: snapshot data in Collector.flush_data to avoid threading race (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2165\"\u003e#2165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c48e0edc2ebe44621b0053176e90f77b0c79bec1\"\u003e\u003ccode\u003ec48e0ed\u003c/code\u003e\u003c/a\u003e fix: less output for combining\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/c2a3a284078556c911e0d9b6c6af1b7082a363ea\"\u003e\u003ccode\u003ec2a3a28\u003c/code\u003e\u003c/a\u003e docs: explain the change from \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/1cd47aa6ac1da4e150da44055295d4e4f3a014e8\"\u003e\u003ccode\u003e1cd47aa\u003c/code\u003e\u003c/a\u003e fix: implicit combine-during-report now removes the combined data files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2d99fd7696e0bccec8037479a4e45c1ecccb8058\"\u003e\u003ccode\u003e2d99fd7\u003c/code\u003e\u003c/a\u003e feat: automatically combine coverage in report, thanks Tim Hatch (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2162\"\u003e#2162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/9fbdcdfee1c122fac43f1bf9a5e2d1f4d835f21c\"\u003e\u003ccode\u003e9fbdcdf\u003c/code\u003e\u003c/a\u003e fix: lazy soft keywords are bolded\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/5de7d0267b9466d59995aaae1a7e707c8c6f66e7\"\u003e\u003ccode\u003e5de7d02\u003c/code\u003e\u003c/a\u003e build: oops, misplaced quote\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003c/p\u003e\n\u003cp\u003e47.0.0 - 2026-04-24\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.8 is deprecated and will be removed in the next\n\u003ccode\u003ecryptography\u003c/code\u003e release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for binary elliptic curves\n(\u003ccode\u003eSECT*\u003c/code\u003e classes) has been removed. These curves are rarely used and\nhave additional security considerations that make them undesirable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for OpenSSL 1.1.x has been removed.\nOpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC\ncontinue to be supported.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Dropped support for LibreSSL \u0026lt; 4.1.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Loading keys with unsupported algorithms or\nkeys with unsupported explicit curve encodings now raises\n:class:\u003ccode\u003e~cryptography.exceptions.UnsupportedAlgorithm\u003c/code\u003e instead of\n\u003ccode\u003eValueError\u003c/code\u003e. This change affects\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_private_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_pem_public_key\u003c/code\u003e,\n:func:\u003ccode\u003e~cryptography.hazmat.primitives.serialization.load_der_public_key\u003c/code\u003e,\nand :meth:\u003ccode\u003e~cryptography.x509.Certificate.public_key\u003c/code\u003e when called on\ncertificates with unsupported public key algorithms.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e When parsing elliptic curve private keys, we now\nreject keys that incorrectly encode a private key of the wrong length because\nsuch keys are impossible to process in a constant-time manner. We do not\nbelieve keys with this problem are in wide use, however we may revert this\nchange based on the feedback we receive.\u003c/li\u003e\n\u003cli\u003eDeprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to\n:class:\u003ccode\u003e~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES\u003c/code\u003e. In a\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `myst-parser` from 5.0.0 to 5.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/MyST-Parser/releases\"\u003emyst-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.0\u003c/h2\u003e\n\u003ch2\u003e✨ New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003e\u0026quot;alert\u0026quot;\u003c/code\u003e syntax extension for \u003ca href=\"https://docs.github.com/en/get-started/writing-on-github/getting...\n\n_Description has been truncated_","html_url":"https://github.com/repository-service-tuf/repository-service-tuf-api/pull/948","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/repository-service-tuf%2Frepository-service-tuf-api/issues/948","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/948/packages"}},{"old_version":"3.1.3","new_version":"3.2.1","update_type":"minor","path":null,"pr_created_at":"2026-05-13T10:41:15.000Z","version_change":"3.1.3 → 3.2.1","issue":{"uuid":"4437148476","node_id":"PR_kwDOQGKXZs7bE7g7","number":38,"state":"closed","title":"chore(deps): bump the uv group across 46 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T21:17:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-13T10:41:15.000Z","updated_at":"2026-05-19T21:17:03.000Z","time_to_close":556545,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":3,"packages":[{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.4.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the /llama-index-experimental directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 2 updates in the /llama-index-finetuning directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-agent-search-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-amazon-product-extraction directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-arize-phoenix-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-auto-merging-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-chroma-autoretrieval directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-code-hierarchy directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-cohere-citation-chat directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-deeplake-deepmemory-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-deeplake-multimodal-retrieval directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-dense-x-retrieval directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-diff-private-simple-dataset directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-evaluator-benchmarker directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-fusion-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-fuzzy-citation directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-gmail-openai-agent directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-koda-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llama-dataset-metadata directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llama-guard-moderator directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-llava-completion directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-longrag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-mixture-of-agents directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-multi-tenancy-rag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-multidoc-autoretrieval directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-nebulagraph-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-neo4j-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-node-parser-semantic-chunking directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-ollama-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-panel-chatbot directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-raft-dataset directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-rag-evaluator directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-ragatouille-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-raptor directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-recursive-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-resume-screener directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-retry-engine-weaviate directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-searchain directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-self-discover directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-self-rag directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-sentence-window-retriever directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-snowflake-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-stock-market-data-query-engine directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-streamlit-chatbot directory: [mistune](https://github.com/lepture/mistune).\nBumps the uv group with 2 updates in the /llama-index-packs/llama-index-packs-sub-question-weaviate directory: [mistune](https://github.com/lepture/mistune) and [authlib](https://github.com/authlib/authlib).\nBumps the uv group with 1 update in the /llama-index-packs/llama-index-packs-timescale-vector-autoretrieval directory: [mistune](https://github.com/lepture/mistune).\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.4.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.4.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.4.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.1.3 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/isaacus-dev/llama_index/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacus-dev%2Fllama_index/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-05-12T01:48:30.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4425558151","node_id":"PR_kwDOFx4mls7afUWm","number":2108,"state":"open","title":"build(deps): bump the uv group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","root","size/XS","python:uv"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T01:48:30.000Z","updated_at":"2026-05-12T01:53:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"dtale","old_version":"3.21.0","new_version":"3.22.0","repository_url":"https://github.com/man-group/dtale"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.7","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"cryptography","old_version":"46.0.6","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbconvert","old_version":"7.17.0","new_version":"7.17.1","repository_url":"https://github.com/jupyter/nbconvert"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dtale](https://github.com/man-group/dtale) | `3.21.0` | `3.22.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.7` |\n| [cryptography](https://github.com/pyca/cryptography) | `46.0.6` | `46.0.7` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.18.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbconvert](https://github.com/jupyter/nbconvert) | `7.17.0` | `7.17.1` |\n\n\nUpdates `dtale` from 3.21.0 to 3.22.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/man-group/dtale/releases\"\u003edtale's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eD-Tale 3.22.0\u003c/h2\u003e\n\u003cp\u003eHighlights include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CWE-502: unsafe deserialization in Redis and Shelve storage backends\u003c/li\u003e\n\u003cli\u003eBump vulnerable transitive npm dependencies to patched versions\u003c/li\u003e\n\u003cli\u003eremove dependency on dash-daq outside of python2.7 and unpin dash \u0026amp; dash-bootstrap-components\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.14\u003c/li\u003e\n\u003cli\u003eupdates to \u003ccode\u003esave-column-filter\u003c/code\u003e endpoint to guard against code injection\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/man-group/dtale/blob/master/CHANGES.md\"\u003edtale's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e3.22.0 (2026-3-31)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix CWE-502: unsafe deserialization in Redis and Shelve storage backends\u003c/li\u003e\n\u003cli\u003eBump vulnerable transitive npm dependencies to patched versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/man-group/dtale/commits/v3.22.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyterlab` from 4.5.6 to 4.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyterlab/jupyterlab/releases\"\u003ejupyterlab's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.7\u003c/h2\u003e\n\u003ch2\u003e4.5.7\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyterlab/jupyterlab/compare/v4.5.6...66fe9adfc1d501d1368404037f26925870741933\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-42557 \u003ca href=\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg\"\u003ehttps://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-42266 \u003ca href=\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\"\u003ehttps://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40171 \u003ca href=\"https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9\"\u003ehttps://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVideo and Audio Content Providers: Fix JupyterLite support \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18652\"\u003e#18652\u003c/a\u003e (\u003ca href=\"https://github.com/martinRenou\"\u003e\u003ccode\u003e@​martinRenou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix notebook hang when dropping cells \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18808\"\u003e#18808\u003c/a\u003e (\u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Contextual Help keyboard shortcut reliability and menu Help functionality \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18747\"\u003e#18747\u003c/a\u003e (\u003ca href=\"https://github.com/itsmejay80\"\u003e\u003ccode\u003e@​itsmejay80\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix focusing input element when opening a dialog from Command Palette \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18735\"\u003e#18735\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix native context menu blocked even when context menu is suppressed \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18753\"\u003e#18753\u003c/a\u003e (\u003ca href=\"https://github.com/utsav-develops\"\u003e\u003ccode\u003e@​utsav-develops\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky toolbar item placement in popup \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18618\"\u003e#18618\u003c/a\u003e (\u003ca href=\"https://github.com/filipeoliveira05\"\u003e\u003ccode\u003e@​filipeoliveira05\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate terminal default font family to honor macOS system-wide ui-monospace \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18647\"\u003e#18647\u003c/a\u003e (\u003ca href=\"https://github.com/flaviomartins\"\u003e\u003ccode\u003e@​flaviomartins\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix linting issue \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18819\"\u003e#18819\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix syntax for Python 3.9 on \u003ccode\u003e4.5.x\u003c/code\u003e branch \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18817\"\u003e#18817\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused CodeMirror v5 CSS rule \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18785\"\u003e#18785\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused CSS rule forgotten after CodeMirror migration \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18763\"\u003e#18763\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unused progress bar CSS rule in execution indicator \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18759\"\u003e#18759\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove dead \u003ccode\u003e.jp-VariableRenderer-TrustButton\u003c/code\u003e CSS rule \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18762\"\u003e#18762\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove used \u003ccode\u003e.jp-Cell-Placeholder\u003c/code\u003e CSS rules \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18761\"\u003e#18761\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix name of option for extension manager implementation in docs \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18788\"\u003e#18788\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove 4.5.0 announcement from docs \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/pull/18740\"\u003e#18740\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyterlab/jupyterlab/graphs/contributors?from=2026-03-11\u0026amp;to=2026-04-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3ACarreau+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/filipeoliveira05\"\u003e\u003ccode\u003e@​filipeoliveira05\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Afilipeoliveira05+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/flaviomartins\"\u003e\u003ccode\u003e@​flaviomartins\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Aflaviomartins+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/itsmejay80\"\u003e\u003ccode\u003e@​itsmejay80\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Aitsmejay80+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Ajtpio+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Akrassowski+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/martinRenou\"\u003e\u003ccode\u003e@​martinRenou\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AmartinRenou+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MUFFANUJ\"\u003e\u003ccode\u003e@​MUFFANUJ\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3AMUFFANUJ+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/utsav-develops\"\u003e\u003ccode\u003e@​utsav-develops\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyterlab%2Fjupyterlab+involves%3Autsav-develops+updated%3A2026-03-11..2026-04-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/f51404192bf6d0ff79187c884f21e1f91b928146\"\u003e\u003ccode\u003ef514041\u003c/code\u003e\u003c/a\u003e [ci skip] Publish 4.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/66fe9adfc1d501d1368404037f26925870741933\"\u003e\u003ccode\u003e66fe9ad\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18652\"\u003e#18652\u003c/a\u003e on branch 4.5.x (Video and Audio Content Providers: Fix Ju...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/f4455fac1b3c5b3ac4f06c95f78cfd39fb3157ed\"\u003e\u003ccode\u003ef4455fa\u003c/code\u003e\u003c/a\u003e Fix syntax for Python 3.9 on \u003ccode\u003e4.5.x\u003c/code\u003e branch (\u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18817\"\u003e#18817\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/d2322b5f54c61945d1cfbaebfcfba1a76a1bce79\"\u003e\u003ccode\u003ed2322b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18819\"\u003e#18819\u003c/a\u003e on branch 4.5.x (Fix linting issue) (\u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18820\"\u003e#18820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/5d9cb8c634e081028ea6df4dd7149a1b1a84ec56\"\u003e\u003ccode\u003e5d9cb8c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/1de120b5fe52f1148b45ca6ccbb03754e259b792\"\u003e\u003ccode\u003e1de120b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/6926100ea09e41a48446406c0b8cc02539c6ede1\"\u003e\u003ccode\u003e6926100\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18808\"\u003e#18808\u003c/a\u003e on branch 4.5.x (Fix notebook hang when dropping cells) (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/67e6e88f7c4ec02a064f24b7a0d3f09af7eaab70\"\u003e\u003ccode\u003e67e6e88\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18647\"\u003e#18647\u003c/a\u003e on branch 4.5.x (Update default font family to honor macOS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/bf21eb97eb2d61f1a084a0562be73108fe8ddb4f\"\u003e\u003ccode\u003ebf21eb9\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18747\"\u003e#18747\u003c/a\u003e on branch 4.5.x (Fix Contextual Help keyboard shortcut rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyterlab/jupyterlab/commit/73cafa54f9dbaa5e7034223cd0961a9eb0195995\"\u003e\u003ccode\u003e73cafa5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/jupyterlab/jupyterlab/issues/18788\"\u003e#18788\u003c/a\u003e on branch 4.5.x (Fix name of option for extension manager ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.5.6...@jupyterlab/lsp@4.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 46.0.6 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyca/cryptography/compare/46.0.6...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewebsockets: add configurations for ping interval and timeout \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1391\"\u003e#1391\u003c/a\u003e (\u003ca href=\"https://github.com/oliver-sanders\"\u003e\u003ccode\u003e@​oliver-sanders\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elog extension import time at debug level unless it's actually slow \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1375\"\u003e#1375\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for async Authorizers (part 2) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1374\"\u003e#1374\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport async Authorizers \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1373\"\u003e#1373\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport get file(notebook) md5 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1363\"\u003e#1363\u003c/a\u003e (\u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kernel env to reflect changes in session \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1354\"\u003e#1354\u003c/a\u003e (\u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0\"\u003e\u003ccode\u003e0ceed45\u003c/code\u003e\u003c/a\u003e Publish 2.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003e\u003ccode\u003e49b3439\u003c/code\u003e\u003c/a\u003e Move check origin into a util function and add it to websocket (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1630\"\u003e#1630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977\"\u003e\u003ccode\u003ee2e08c8\u003c/code\u003e\u003c/a\u003e Add test case for bad next URL format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf\"\u003e\u003ccode\u003e624d6c0\u003c/code\u003e\u003c/a\u003e Delete outdated patch code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449\"\u003e\u003ccode\u003ed825b93\u003c/code\u003e\u003c/a\u003e Apply suggestion from \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2\"\u003e\u003ccode\u003e789fed0\u003c/code\u003e\u003c/a\u003e patch open redirect in /login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665\"\u003e\u003ccode\u003e2ee51ec\u003c/code\u003e\u003c/a\u003e fix(CVE-2026-35397): path traversal when target dir starts with root dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea\"\u003e\u003ccode\u003e057869a\u003c/code\u003e\u003c/a\u003e Fix allow_origin_pat to do full matching instead of prefix matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0\"\u003e\u003ccode\u003e4862199\u003c/code\u003e\u003c/a\u003e Add resolvePath API for resolving kernel-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a\"\u003e\u003ccode\u003ee31d514\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3 in the actions group across ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-6.0.2...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nbconvert` from 7.17.0 to 7.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.1\u003c/h2\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Actcjab+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Adavidbrochart+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Ken-B\"\u003e\u003ccode\u003e@​Ken-B\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AKen-B+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgeier\"\u003e\u003ccode\u003e@​mgeier\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgeier+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mpacer\"\u003e\u003ccode\u003e@​mpacer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ampacer+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/SylvainCorlay\"\u003e\u003ccode\u003e@​SylvainCorlay\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ASylvainCorlay+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/takluyver\"\u003e\u003ccode\u003e@​takluyver\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atakluyver+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Atimkpaine+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.1\u003c/h2\u003e\n\u003cp\u003eThis is a security release, fixing two CVEs:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg\"\u003eCVE-2026-39377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9\"\u003eCVE-2026-39378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(full advisories will be published seven days after release, on 2026-04-14).\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.17.0...b3b6ec01f872e9af8fd1769eb9cf1889c720ecf3\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow configureable WebPDF JavaScript processing timeout \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2250\"\u003e#2250\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003ePermissionError\u003c/code\u003e when checking template paths on shared filesystems \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2252\"\u003e#2252\u003c/a\u003e (\u003ca href=\"https://github.com/ctcjab\"\u003e\u003ccode\u003e@​ctcjab\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTweak webpdf template logic to fix duplicate extension problem \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2249\"\u003e#2249\u003c/a\u003e (\u003ca href=\"https://github.com/timkpaine\"\u003e\u003ccode\u003e@​timkpaine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003especify python version for pre \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2276\"\u003e#2276\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2026-01-29\u0026amp;to=2026-04-08\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/akhmerov\"\u003e\u003ccode\u003e@​akhmerov\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aakhmerov+updated%3A2026-01-29..2026-04-08\u0026amp;type=Issues\"\u003eact...\n\n_Description has been truncated_","html_url":"https://github.com/Anselmoo/spectrafit/pull/2108","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anselmoo%2Fspectrafit/issues/2108","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2108/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-05-12T01:35:45.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4425510723","node_id":"PR_kwDOAal_NM7afKn7","number":2043,"state":"closed","title":"Bump the pip group across 6 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T19:15:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T01:35:45.000Z","updated_at":"2026-05-18T19:15:37.000Z","time_to_close":581990,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":3,"packages":[{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.18.0","repository_url":"https://github.com/jupyter-server/jupyter_server"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /mpcontribs-api/requirements directory: [jupyter-server](https://github.com/jupyter-server/jupyter_server), [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-client/requirements directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /mpcontribs-kernel-gateway/requirements directory: [jupyter-server](https://github.com/jupyter-server/jupyter_server), [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-lux/requirements directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /mpcontribs-portal/requirements directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /mpcontribs-serverless/dependencies directory: [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewebsockets: add configurations for ping interval and timeout \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1391\"\u003e#1391\u003c/a\u003e (\u003ca href=\"https://github.com/oliver-sanders\"\u003e\u003ccode\u003e@​oliver-sanders\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003elog extension import time at debug level unless it's actually slow \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1375\"\u003e#1375\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for async Authorizers (part 2) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1374\"\u003e#1374\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport async Authorizers \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1373\"\u003e#1373\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport get file(notebook) md5 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1363\"\u003e#1363\u003c/a\u003e (\u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate kernel env to reflect changes in session \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1354\"\u003e#1354\u003c/a\u003e (\u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/0ceed45a803ca36735f0fcfeb6d9db9430a50aa0\"\u003e\u003ccode\u003e0ceed45\u003c/code\u003e\u003c/a\u003e Publish 2.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003e\u003ccode\u003e49b3439\u003c/code\u003e\u003c/a\u003e Move check origin into a util function and add it to websocket (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1630\"\u003e#1630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e2e08c845ddbc41fddcb2449601d2ecbd9dd5977\"\u003e\u003ccode\u003ee2e08c8\u003c/code\u003e\u003c/a\u003e Add test case for bad next URL format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/624d6c0daf573e254a3fd69ca5318ce8194235bf\"\u003e\u003ccode\u003e624d6c0\u003c/code\u003e\u003c/a\u003e Delete outdated patch code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/d825b93d9cf2da248d5baa6ca910611f275fa449\"\u003e\u003ccode\u003ed825b93\u003c/code\u003e\u003c/a\u003e Apply suggestion from \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/789fed081a489ff38c50ec9f6c0364cb677d4cd2\"\u003e\u003ccode\u003e789fed0\u003c/code\u003e\u003c/a\u003e patch open redirect in /login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/2ee51eccf3ff2e27068cc0b7a39101eeedc4f665\"\u003e\u003ccode\u003e2ee51ec\u003c/code\u003e\u003c/a\u003e fix(CVE-2026-35397): path traversal when target dir starts with root dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea\"\u003e\u003ccode\u003e057869a\u003c/code\u003e\u003c/a\u003e Fix allow_origin_pat to do full matching instead of prefix matching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/4862199a0fffacd4d2e4a0c2e61fc8bb5ffa52f0\"\u003e\u003ccode\u003e4862199\u003c/code\u003e\u003c/a\u003e Add resolvePath API for resolving kernel-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter-server/jupyter_server/commit/e31d51406de6a9b167b796ec79ab3315630d514a\"\u003e\u003ccode\u003ee31d514\u003c/code\u003e\u003c/a\u003e Bump actions/create-github-app-token from 2 to 3 in the actions group across ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...v2.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.2.0 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-server` from 2.17.0 to 2.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/releases\"\u003ejupyter-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.17.0...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eSecurity patches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-40110 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2025-61669 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-40934 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-35397 \u003ca href=\"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\"\u003ehttps://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop  blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd resolvePath API for resolving kernel-relative paths \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1331\"\u003e#1331\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove check origin into a util function and add it to websocket \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1630\"\u003e#1630\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix flaky test_restart_kernel by unsticking nudge() after port-changing restart \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1628\"\u003e#1628\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/claude\"\u003e\u003ccode\u003e@​claude\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTry to fix flaky test \u0026quot;test_restart_kernel\u0026quot; \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1625\"\u003e#1625\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix potential unraisable pytest error \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1624\"\u003e#1624\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: use %s placeholders in HTTPError to prevent Tornado from doubling % in gateway URLs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1620\"\u003e#1620\u003c/a\u003e (\u003ca href=\"https://github.com/terminalchai\"\u003e\u003ccode\u003e@​terminalchai\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/ptch314\"\u003e\u003ccode\u003e@​ptch314\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix three file descriptor leaks in kernel connection lifecycle (\u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/issues/1506\"\u003e#1506\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1619\"\u003e#1619\u003c/a\u003e (\u003ca href=\"https://github.com/tonyx93\"\u003e\u003ccode\u003e@​tonyx93\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse web.HTTPError for kernel restart failures \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1616\"\u003e#1616\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle EADDRINUSE and EACCES in _bind_http_server_tcp \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1613\"\u003e#1613\u003c/a\u003e (\u003ca href=\"https://github.com/YDawn\"\u003e\u003ccode\u003e@​YDawn\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse st_birthtime for file created timestamp on macOS/BSD \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1594\"\u003e#1594\u003c/a\u003e (\u003ca href=\"https://github.com/ktaletsk\"\u003e\u003ccode\u003e@​ktaletsk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double write when refusing hidden files in contents handler \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1585\"\u003e#1585\u003c/a\u003e (\u003ca href=\"https://github.com/Krish-876\"\u003e\u003ccode\u003e@​Krish-876\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClose all sockets in _find_http_port explicitly \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1584\"\u003e#1584\u003c/a\u003e (\u003ca href=\"https://github.com/MaryushSoroka\"\u003e\u003ccode\u003e@​MaryushSoroka\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix writing on remote file systems with attribute cache \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1574\"\u003e#1574\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd IdentityProvider.cookie_secret_hook \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1569\"\u003e#1569\u003c/a\u003e (\u003ca href=\"https://github.com/emin63\"\u003e\u003ccode\u003e@​emin63\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix context pollution \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1561\"\u003e#1561\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix gateway cookie handling \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1558\"\u003e#1558\u003c/a\u003e (\u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/RRosio\"\u003e\u003ccode\u003e@​RRosio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix connection exception cause high cpu load \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1484\"\u003e#1484\u003c/a\u003e (\u003ca href=\"https://github.com/dualc\"\u003e\u003ccode\u003e@​dualc\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStart to test on Python 3.13 and 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1623\"\u003e#1623\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/create-github-app-token from 2 to 3 in the actions group across 1 directory \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1621\"\u003e#1621\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1615\"\u003e#1615\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix package spec for jupytext \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1614\"\u003e#1614\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: update pre-commit hooks \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1607\"\u003e#1607\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etry to fix ci on windows \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1600\"\u003e#1600\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erun prerelease tests on 3.14 \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1599\"\u003e#1599\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePin sphinx to an older version (\u0026lt;9) to fix docs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1597\"\u003e#1597\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter-server/jupyter_server/blob/main/CHANGELOG.md\"\u003ejupyter-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.18.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter-server/jupyter_server/compare/v2.9.1...49b34392feaa97735b3b777e3baf8f22f2a14ed8\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eAPI and Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd query param to sanitize HTML in GET /nbconvert/html \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1618\"\u003e#1618\u003c/a\u003e (\u003ca href=\"https://github.com/Yann-P\"\u003e\u003ccode\u003e@​Yann-P\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate handlers.py to fix ioloop blockers(sync file operations) \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1617\"\u003e#1617\u003c/a\u003e (\u003ca href=\"https://github.com/zolyfarkas-fb\"\u003e\u003ccode\u003e@​zolyfarkas-fb\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid redundant call to \u003ccode\u003e_get_os_path\u003c/code\u003e in \u003ccode\u003e_dir_model\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1547\"\u003e#1547\u003c/a\u003e (\u003ca href=\"https://github.com/joeyutong\"\u003e\u003ccode\u003e@​joeyutong\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow specifying extra params to scrub from logs \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1538\"\u003e#1538\u003c/a\u003e (\u003ca href=\"https://github.com/jtpio\"\u003e\u003ccode\u003e@​jtpio\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a logger to the ExtensionPoint API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1523\"\u003e#1523\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow user to update identity values \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1518\"\u003e#1518\u003c/a\u003e (\u003ca href=\"https://github.com/brichet\"\u003e\u003ccode\u003e@​brichet\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIf ServerApp.ip is ipv6 use [::1] as local_url \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1495\"\u003e#1495\u003c/a\u003e (\u003ca href=\"https://github.com/manics\"\u003e\u003ccode\u003e@​manics\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/afshin\"\u003e\u003ccode\u003e@​afshin\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter error message when starting kernel for session. \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1478\"\u003e#1478\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/davidbrochart\"\u003e\u003ccode\u003e@​davidbrochart\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a traitlet to disable recording HTTP request metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1472\"\u003e#1472\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprometheus: Expose 3 activity metrics \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1471\"\u003e#1471\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus info metrics listing server extensions + versions \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1470\"\u003e#1470\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd prometheus metric with version information \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1467\"\u003e#1467\u003c/a\u003e (\u003ca href=\"https://github.com/yuvipanda\"\u003e\u003ccode\u003e@​yuvipanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't hide .so,.dylib files by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1457\"\u003e#1457\u003c/a\u003e (\u003ca href=\"https://github.com/nokados\"\u003e\u003ccode\u003e@​nokados\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/vidartf\"\u003e\u003ccode\u003e@​vidartf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBetter hash format error message \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1442\"\u003e#1442\u003c/a\u003e (\u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoving excessive logging from reading local files \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1420\"\u003e#1420\u003c/a\u003e (\u003ca href=\"https://github.com/lresende\"\u003e\u003ccode\u003e@​lresende\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/kevin-bates\"\u003e\u003ccode\u003e@​kevin-bates\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd async start hook to ExtensionApp API \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1417\"\u003e#1417\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Darshan808\"\u003e\u003ccode\u003e@​Darshan808\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/fcollonval\"\u003e\u003ccode\u003e@​fcollonval\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not include token in dashboard link, when available \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1406\"\u003e#1406\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccode\u003e@​blink1073\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to have authentication enabled for all endpoints by default \u003ca href=\"https://redirect.github.com/jupyter-server/jupyter_server/pull/1392\"\u003e#1392\u003c/a\u003e (\u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Wh1isper\"\u003e\u003ccode\u003e@​Wh1isper\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/blink1073\"\u003e\u003ccod...\n\n_Description has been truncated_","html_url":"https://github.com/materialsproject/MPContribs/pull/2043","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/materialsproject%2FMPContribs/issues/2043","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2043/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-05-11T21:22:02.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4424393400","node_id":"PR_kwDODVEffM7abjpw","number":3065,"state":"open","title":":dependabot: uv(deps): Bump mistune from 3.2.0 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T21:22:02.000Z","updated_at":"2026-05-11T21:22:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":":dependabot: uv(deps): Bump","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/moj-analytical-services/splink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/moj-analytical-services/splink/pull/3065","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/moj-analytical-services%2Fsplink/issues/3065","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3065/packages"}},{"old_version":"3.1.1","new_version":"3.2.1","update_type":"minor","path":null,"pr_created_at":"2026-05-11T19:11:13.000Z","version_change":"3.1.1 → 3.2.1","issue":{"uuid":"4423568601","node_id":"PR_kwDOOAKIic7aY2Io","number":20,"state":"closed","title":"Bump the pip group across 2 directories with 2 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T21:47:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T19:11:13.000Z","updated_at":"2026-05-19T21:47:48.000Z","time_to_close":700593,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":2,"packages":[{"name":"mistune","old_version":"3.1.1","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"mistune","old_version":"3.0.2","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the / directory: [mistune](https://github.com/lepture/mistune).\nBumps the pip group with 2 updates in the /docs directory: [mistune](https://github.com/lepture/mistune) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `mistune` from 3.1.1 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.1...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mistune` from 3.0.2 to 3.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ff83129\"\u003e\u003c!-- raw HTML omitted --\u003e(ff831)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.2...v3.1.3\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eplugin\u003c/strong\u003e: Fix footnote plugins when rendering ast  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a728952\"\u003e\u003c!-- raw HTML omitted --\u003e(a7289)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Mar 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.12 and 3.13\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Feb 19, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003efootnotes\u003c/code\u003e plugin for AST renderer\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.1...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/canstralian/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/canstralian/llama_index/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/canstralian%2Fllama_index/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":null,"pr_created_at":"2026-05-10T06:07:17.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4414830697","node_id":"PR_kwDOHCxsjs7Z9JY8","number":187,"state":"open","title":"Bump mistune from 3.2.0 to 3.2.1","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T06:07:17.000Z","updated_at":"2026-05-10T06:15:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":null,"ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=pip\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/qiboteam/qibochem/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/qiboteam/qibochem/pull/187","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/qiboteam%2Fqibochem/issues/187","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/187/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/callbacks/llama-index-callbacks-literalai","pr_created_at":"2026-05-09T08:38:37.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411875104","node_id":"PR_kwDOQZvM_M7Z0Jww","number":121,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/callbacks/llama-index-callbacks-literalai","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:38:37.000Z","updated_at":"2026-05-09T08:40:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/callbacks/llama-index-callbacks-literalai","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/callbacks/llama-index-callbacks-argilla","pr_created_at":"2026-05-09T08:23:21.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411842441","node_id":"PR_kwDOQZvM_M7Z0Dnw","number":119,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/callbacks/llama-index-callbacks-argilla","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:23:21.000Z","updated_at":"2026-05-09T08:25:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/callbacks/llama-index-callbacks-argilla","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/119","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/119","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/119/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/embeddings/llama-index-embeddings-databricks","pr_created_at":"2026-05-09T08:21:16.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411838093","node_id":"PR_kwDOQZvM_M7Z0CzS","number":118,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-databricks","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T08:21:16.000Z","updated_at":"2026-05-09T08:23:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-databricks","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/118","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/118","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/118/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/embeddings/llama-index-embeddings-instructor","pr_created_at":"2026-05-09T07:58:07.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411781519","node_id":"PR_kwDOQZvM_M7Zz4La","number":116,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-instructor","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T07:58:07.000Z","updated_at":"2026-05-09T08:00:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-instructor","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/embeddings/llama-index-embeddings-litellm","pr_created_at":"2026-05-09T07:04:36.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411594007","node_id":"PR_kwDOQZvM_M7ZzRBm","number":109,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-litellm","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T07:04:36.000Z","updated_at":"2026-05-09T07:05:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-litellm","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/109","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/109","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/109/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/embeddings/llama-index-embeddings-fireworks","pr_created_at":"2026-05-09T06:56:03.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411564216","node_id":"PR_kwDOQZvM_M7ZzKzY","number":108,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-fireworks","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:56:03.000Z","updated_at":"2026-05-09T06:58:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-fireworks","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/108","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/108","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/108/packages"}},{"old_version":"3.2.0","new_version":"3.2.1","update_type":"patch","path":"/llama-index-integrations/embeddings/llama-index-embeddings-alephalpha","pr_created_at":"2026-05-09T06:41:50.000Z","version_change":"3.2.0 → 3.2.1","issue":{"uuid":"4411511014","node_id":"PR_kwDOQZvM_M7Zy_Rm","number":106,"state":"open","title":"chore(deps): bump mistune from 3.2.0 to 3.2.1 in /llama-index-integrations/embeddings/llama-index-embeddings-alephalpha","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:41:50.000Z","updated_at":"2026-05-09T06:44:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/llama-index-integrations/embeddings/llama-index-embeddings-alephalpha","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.2.0 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.2.0\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Sherlock999xxx/llama_index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Sherlock999xxx/llama_index/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sherlock999xxx%2Fllama_index/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"}},{"old_version":"3.1.3","new_version":"3.2.1","update_type":"minor","path":"/examples/gsm8k-custom-recipe-dspy","pr_created_at":"2026-05-09T06:36:59.000Z","version_change":"3.1.3 → 3.2.1","issue":{"uuid":"4411493314","node_id":"PR_kwDOPAsHRs7Zy7fl","number":68,"state":"open","title":"Bump mistune from 3.1.3 to 3.2.1 in /examples/gsm8k-custom-recipe-dspy","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T06:36:59.000Z","updated_at":"2026-05-09T06:37:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"mistune","old_version":"3.1.3","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"}],"path":"/examples/gsm8k-custom-recipe-dspy","ecosystem":"pip"},"body":"Bumps [mistune](https://github.com/lepture/mistune) from 3.1.3 to 3.2.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/releases\"\u003emistune's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve Windows compatibility issues in file inclusion and tests  -  by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2547102\"\u003e\u003c!-- raw HTML omitted --\u003e(25471)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape html text  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a3cb6e5\"\u003e\u003c!-- raw HTML omitted --\u003e(a3cb6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link reference  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/85eb54f\"\u003e\u003c!-- raw HTML omitted --\u003e(85eb5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle escaped dollar signs in inline math  -  by \u003ca href=\"https://github.com/saschabuehrle\"\u003e\u003ccode\u003e@​saschabuehrle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003elepture/mistune#370\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7bd5709\"\u003e\u003c!-- raw HTML omitted --\u003e(7bd57)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of toc  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/04880a0\"\u003e\u003c!-- raw HTML omitted --\u003e(04880)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape id of headings  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2855622\"\u003e\u003c!-- raw HTML omitted --\u003e(28556)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text  -  by \u003ca href=\"https://github.com/lawrence3699\"\u003e\u003ccode\u003e@​lawrence3699\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d8\"\u003e\u003c!-- raw HTML omitted --\u003e(0d6f3)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape xml for math plugin  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e\"\u003e\u003c!-- raw HTML omitted --\u003e(5fa09)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse strict regex for image's height and width  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb75\"\u003e\u003c!-- raw HTML omitted --\u003e(8d0cb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.2.0...v3.2.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport footnotes that start on the next line.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/2677e2d\"\u003e\u003c!-- raw HTML omitted --\u003e(2677e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly handle code blocks inside footnotes.  -  by \u003ca href=\"https://github.com/kylechui\"\u003e\u003ccode\u003e@​kylechui\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/0516c9e\"\u003e\u003c!-- raw HTML omitted --\u003e(0516c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport python 3.14  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/7e0eb65\"\u003e\u003c!-- raw HTML omitted --\u003e(7e0eb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRender ref links and footnotes in footnotes.  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/bd90e44\"\u003e\u003c!-- raw HTML omitted --\u003e(bd90e)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender ref links in TOC.  -  by \u003ca href=\"https://github.com/lemon24\"\u003e\u003ccode\u003e@​lemon24\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/a0a0148\"\u003e\u003c!-- raw HTML omitted --\u003e(a0a01)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate typing for mypy upgrades  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/8d49cba\"\u003e\u003c!-- raw HTML omitted --\u003e(8d49c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRender correct html for footnotes  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9b62204\"\u003e\u003c!-- raw HTML omitted --\u003e(9b622)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.4...v3.2.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser, \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003e#412\u003c/a\u003e  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/412\"\u003elepture/mistune#412\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/ea3ecaf\"\u003e\u003c!-- raw HTML omitted --\u003e(ea3ec)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent remove unicode whitespace when parsing atx heading  -  by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/lepture/mistune/commit/9e72063\"\u003e\u003c!-- raw HTML omitted --\u003e(9e720)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.1.4\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lepture/mistune/blob/main/docs/changes.rst\"\u003emistune's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.2.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on May 3, 2026\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEscape link in \u003ccode\u003erender_toc_ul\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEscape text in math plugin.\u003c/li\u003e\n\u003cli\u003eFix regex for math plugin.\u003c/li\u003e\n\u003cli\u003eEscape heading's ID attribute.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLINK_TITLE_RE\u003c/code\u003e to prevent DoS.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for admonition directive.\u003c/li\u003e\n\u003cli\u003eRemove double-encoding of image alt text.\u003c/li\u003e\n\u003cli\u003eEscape class attribute for image directive.\u003c/li\u003e\n\u003cli\u003eFix width/height attribute for image directive.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.2.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Dec 23, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAnnounce supports for python 3.14\u003c/li\u003e\n\u003cli\u003eFix footnotes plugins for code blocks, ref links, blockquote and etc.\u003c/li\u003e\n\u003cli\u003eFix ref links in TOC.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eReleased on Aug 29, 2025\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd fenced directive break rule in list parser.\u003c/li\u003e\n\u003cli\u003ePrevent removing unicode whitespace when parsing atx heading.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/067f90861088a496942f5eb43236135352b85d39\"\u003e\u003ccode\u003e067f908\u003c/code\u003e\u003c/a\u003e chore: release 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/bf5503067a7d8c3b065fb143f67a3a08eca77bb6\"\u003e\u003ccode\u003ebf55030\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/438\"\u003e#438\u003c/a\u003e from saschabuehrle/fix/issue-370\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/8d0cb7539a9ac82e633b98476b9922632eb8b948\"\u003e\u003ccode\u003e8d0cb75\u003c/code\u003e\u003c/a\u003e fix: use strict regex for image's height and width\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/5fa092e3053b86f16e4c49b9d3ba0b7ab63f09ab\"\u003e\u003ccode\u003e5fa092e\u003c/code\u003e\u003c/a\u003e fix: escape xml for math plugin\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/71ec9477ebfcf8dab0068804baf2c77461d77fbb\"\u003e\u003ccode\u003e71ec947\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/440\"\u003e#440\u003c/a\u003e from lawrence3699/fix/image-alt-double-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/0d6f3d850283d51e9c60e5a1b3c9343a18df3722\"\u003e\u003ccode\u003e0d6f3d8\u003c/code\u003e\u003c/a\u003e fix: remove double-encoding of image alt text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/2855622d7fe235c6c805716edff943b5945d1eea\"\u003e\u003ccode\u003e2855622\u003c/code\u003e\u003c/a\u003e fix: escape id of headings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/04880a004cb28318e5ebd7ee9e63c79fc9f9ed04\"\u003e\u003ccode\u003e04880a0\u003c/code\u003e\u003c/a\u003e fix: escape id of toc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/7bd57096715385062505b3f78972be9fa823d6d4\"\u003e\u003ccode\u003e7bd5709\u003c/code\u003e\u003c/a\u003e fix: handle escaped dollar signs in inline math (fixes \u003ca href=\"https://redirect.github.com/lepture/mistune/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lepture/mistune/commit/85eb54ff17da26327399bf188f9ff9b8fd515278\"\u003e\u003ccode\u003e85eb54f\u003c/code\u003e\u003c/a\u003e fix: update link reference\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lepture/mistune/compare/v3.1.3...v3.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune\u0026package-manager=uv\u0026previous-version=3.1.3\u0026new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/arthrod/tensorzero/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/arthrod/tensorzero/pull/68","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthrod%2Ftensorzero/issues/68","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/68/packages"}}]}