{"id":5439,"name":"paramiko","ecosystem":"pip","repository_url":"https://github.com/paramiko/paramiko","issues_count":239,"created_at":"2025-06-06T17:12:50.925Z","updated_at":"2025-06-06T17:12:50.925Z","purl":"pkg:pypi/paramiko","metadata":{"id":2846034,"name":"paramiko","ecosystem":"pypi","description":"SSH2 protocol library","homepage":"https://paramiko.org","licenses":"LGPL","normalized_licenses":["Other"],"repository_url":"https://github.com/paramiko/paramiko","keywords_array":[],"namespace":null,"versions_count":149,"first_release_published_at":"2012-05-17T01:34:32.000Z","latest_release_published_at":"2025-02-04T02:37:57.000Z","latest_release_number":"3.5.1","last_synced_at":"2025-06-06T05:01:44.864Z","created_at":"2022-04-10T12:00:00.760Z","updated_at":"2025-06-06T05:01:44.864Z","registry_url":"https://pypi.org/project/paramiko/","install_command":"pip install paramiko --index-url https://pypi.org/simple","documentation_url":"https://paramiko.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)","Operating System :: OS Independent","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Topic :: Internet","Topic :: Security :: Cryptography"],"normalized_name":"paramiko"},"repo_metadata":{"id":493134,"uuid":"119609","full_name":"paramiko/paramiko","owner":"paramiko","description":"The leading native Python SSHv2 protocol library.","archived":false,"fork":false,"pushed_at":"2024-10-02T14:24:28.000Z","size":8248,"stargazers_count":9108,"open_issues_count":1093,"forks_count":2008,"subscribers_count":318,"default_branch":"main","last_synced_at":"2024-10-29T15:52:23.056Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://paramiko.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-2.1","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paramiko.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"tidelift":"pypi/paramiko"}},"created_at":"2009-02-02T03:41:08.000Z","updated_at":"2024-10-29T12:33:04.000Z","dependencies_parsed_at":"2023-07-06T13:01:57.410Z","dependency_job_id":"6cbc9992-5edd-4d76-bf5c-ea0c3d6e8ae0","html_url":"https://github.com/paramiko/paramiko","commit_stats":{"total_commits":2841,"total_committers":196,"mean_commits":"14.494897959183673","dds":0.434706089405139,"last_synced_commit":"66117732de6de03914308f9a21b05b50a781d13c"},"previous_names":[],"tags_count":186,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paramiko","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222090770,"owners_count":16929471,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"paramiko","name":"paramiko","uuid":"1108455","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/1108455?v=4","repositories_count":1,"last_synced_at":"2024-03-25T18:48:24.434Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/paramiko","funding_links":[],"total_stars":8638,"followers":39,"following":0,"created_at":"2022-11-02T16:35:52.456Z","updated_at":"2024-03-25T18:48:24.444Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paramiko","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paramiko/repositories"},"tags":[{"name":"3.4.0","sha":"f0881ba8af57d1a122ef19c40d144afdcb6e0824","kind":"tag","published_at":"2023-12-18T19:34:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.4.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.4.0/manifests"},{"name":"3.3.1","sha":"8e389c77660c5cdae3069b478665427d23012853","kind":"tag","published_at":"2023-07-28T20:15:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.3.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.3.1/manifests"},{"name":"3.3.0","sha":"2f33ea86a3a431a034e343620285377251ce3ba1","kind":"tag","published_at":"2023-07-28T19:23:26.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.3.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.3.0/manifests"},{"name":"3.2.0","sha":"bfff922d09aefdb342e2aac1266e18a3ad80b940","kind":"tag","published_at":"2023-05-25T18:09:20.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.2.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.2.0/manifests"},{"name":"3.1.0","sha":"ee2829903f0108b6ea6da59cf29bff9c3cff3a74","kind":"tag","published_at":"2023-03-10T21:22:13.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.1.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.1.0/manifests"},{"name":"3.0.0","sha":"6379b018ac49b1e869f1248b1d6743d316b5a37b","kind":"tag","published_at":"2023-01-20T22:31:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/3.0.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/3.0.0/manifests"},{"name":"2.12.0","sha":"bbb8d57e917f5a9fefd25a85f3d10cd0c1a52ef5","kind":"tag","published_at":"2022-11-04T22:32:40.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.12.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.12.0/manifests"},{"name":"2.11.1","sha":"d84b86338f968c186e87e23c6a08e42a8d798772","kind":"tag","published_at":"2022-11-04T22:29:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.11.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.11.1/manifests"},{"name":"2.10.6","sha":"6943df1db31d5c52b30a6612f21c3ea03f6df069","kind":"tag","published_at":"2022-11-04T22:11:46.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.6/manifests"},{"name":"2.11.0","sha":"50d33223f9ec9e308a3fda519b36f78be859c4bc","kind":"tag","published_at":"2022-05-17T01:06:20.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.11.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.11.0/manifests"},{"name":"2.10.5","sha":"1150ed2912343cfcd83684a4515422ea06a759b1","kind":"tag","published_at":"2022-05-17T01:03:44.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.5/manifests"},{"name":"2.9.5","sha":"ced4606e810146262abe7ac5fdd076509a31d130","kind":"tag","published_at":"2022-05-17T00:59:52.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.5/manifests"},{"name":"2.10.4","sha":"19490cfa97b26fc93be2ca860ccbd4ac62e463aa","kind":"tag","published_at":"2022-04-25T16:26:05.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.4/manifests"},{"name":"2.9.4","sha":"440c56fe65e509fec29106b8a6a7a15e609e1983","kind":"tag","published_at":"2022-04-25T16:23:12.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.4/manifests"},{"name":"2.10.3","sha":"239d2bd7a620be5cdaaa26f981ea72f5f55c9050","kind":"tag","published_at":"2022-03-18T21:02:18.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.3/manifests"},{"name":"2.9.3","sha":"094a5e10982c7d7ef9f17fdf755d755fec9fe19b","kind":"tag","published_at":"2022-03-18T21:00:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.3/manifests"},{"name":"2.10.2","sha":"57033fb57986a00263e57c615674bfec41efb59c","kind":"tag","published_at":"2022-03-14T23:24:10.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.2/manifests"},{"name":"2.10.1","sha":"286bd9f0374922341d48923b0c3ef09aab57919f","kind":"tag","published_at":"2022-03-12T04:19:39.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.1/manifests"},{"name":"2.10.0","sha":"aa3cc6fa3e9f1df72d4ffd2d5fc02ae734a6cba4","kind":"tag","published_at":"2022-03-12T03:34:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.10.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.10.0/manifests"},{"name":"2.9.2","sha":"88f35a537428e430f7f26eee8026715e357b55d6","kind":"tag","published_at":"2022-01-08T19:29:57.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.2/manifests"},{"name":"2.9.1","sha":"bbefff00961125a35a5fb6a769679aa297224b45","kind":"tag","published_at":"2021-12-24T19:53:27.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.1/manifests"},{"name":"2.9.0","sha":"c42311a4b1c905c7a3ee129258490448e6e22203","kind":"tag","published_at":"2021-12-23T21:26:28.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.9.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.9.0/manifests"},{"name":"2.8.1","sha":"6346662358b5b0ef16706ed6f23c2282507f7bb8","kind":"tag","published_at":"2021-11-29T02:35:28.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.8.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.8.1/manifests"},{"name":"2.8.0","sha":"7714caf79a09dc455a32c6071dd22ba37c399758","kind":"tag","published_at":"2021-10-09T21:45:20.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.8.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.8.0/manifests"},{"name":"2.7.2","sha":"93dba53fba7da34f34660ac4f5fba4cae317a6ed","kind":"commit","published_at":"2020-08-30T19:55:31.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.7.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.2/manifests"},{"name":"2.7.1","sha":"690d142321f53ae82f49a57b7f6716fb947d5687","kind":"commit","published_at":"2019-12-09T23:21:07.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.7.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.1/manifests"},{"name":"2.7.0","sha":"f2adac63c2907e99d741dc3945e701f2c593350c","kind":"commit","published_at":"2019-12-03T22:48:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.7.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.7.0/manifests"},{"name":"2.6.0","sha":"ca304fef5ba3543323c294e5c85dec87bd17280e","kind":"commit","published_at":"2019-06-23T22:48:30.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.6.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.6.0/manifests"},{"name":"2.5.1","sha":"169a40be1af4fbb16dce0ca31367abc0dd3d9ebd","kind":"commit","published_at":"2019-06-23T22:46:57.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.5.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.5.1/manifests"},{"name":"2.4.3","sha":"31f8de56e2130c9779e09f3d97cf766c4e1b39a7","kind":"commit","published_at":"2019-06-23T22:45:29.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.4.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.3/manifests"},{"name":"2.5.0","sha":"6ae44f4c69f07dee0d0e686dc1343dcc2d6f0e76","kind":"commit","published_at":"2019-06-10T00:59:16.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.5.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.5.0/manifests"},{"name":"2.4.2","sha":"b5f4c213ba2e3b560cda84efc556812ff989cd1f","kind":"commit","published_at":"2018-09-19T04:16:40.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.4.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.2/manifests"},{"name":"2.3.3","sha":"f61a8e8eff1b192d694d884a76f32bcecbe0abf1","kind":"commit","published_at":"2018-09-19T04:15:51.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.3.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.3/manifests"},{"name":"2.2.4","sha":"dd551fcd6d9fec3f0f5b981c5e04e9c464a2da68","kind":"commit","published_at":"2018-09-19T04:15:02.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.2.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.4/manifests"},{"name":"2.1.6","sha":"cb632613ed4006820fc26d5fd237f2bbebf11318","kind":"commit","published_at":"2018-09-19T04:14:01.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.6/manifests"},{"name":"2.0.9","sha":"f83156a804987d5e9be7c040ec87e67820347bd7","kind":"commit","published_at":"2018-09-19T04:12:53.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.9","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.9/manifests"},{"name":"2.4.1","sha":"8bd1506c816b025b4a74e1b254e4879518ae696d","kind":"commit","published_at":"2018-03-13T01:04:50.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.4.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.1/manifests"},{"name":"2.3.2","sha":"c07b6e6b8b94fe8a946a8120c1d1b4039c1fe4f0","kind":"commit","published_at":"2018-03-13T01:04:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.3.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.2/manifests"},{"name":"2.2.3","sha":"04f0d9fc74f6219d2932252b6ba7d835bb4914ef","kind":"commit","published_at":"2018-03-13T01:03:32.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.2.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.3/manifests"},{"name":"2.1.5","sha":"e62f35a71bcc90447f3eee6f5b48f174a7bfb83e","kind":"commit","published_at":"2018-03-13T01:02:51.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.5/manifests"},{"name":"2.0.8","sha":"30452567c69096ad4aabd159ed3f3ad1ef83ab47","kind":"commit","published_at":"2018-03-13T01:01:52.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.8","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.8/manifests"},{"name":"1.18.5","sha":"3a50a3eb09168343af2d06ff7f269d2493af4e0b","kind":"commit","published_at":"2018-03-13T01:01:10.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.5/manifests"},{"name":"1.17.6","sha":"ac3f78648d2f48c3a99bbf0295245954a34ab46d","kind":"commit","published_at":"2018-03-13T01:00:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.6/manifests"},{"name":"2.4.0","sha":"a97e977d6970b33e619601f502776eb19e691d90","kind":"commit","published_at":"2017-11-14T22:20:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.4.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.4.0/manifests"},{"name":"2.3.1","sha":"af9ebcfa5e6aefb7a08975173bc648ae1bdc704b","kind":"commit","published_at":"2017-09-22T20:15:16.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.3.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.1/manifests"},{"name":"2.3.0","sha":"975bcf1e19b1efc5a84ef2eb639939e516f7f633","kind":"commit","published_at":"2017-09-18T19:18:25.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.3.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.3.0/manifests"},{"name":"2.2.2","sha":"2deecdf886a91792e47164dd9e39634ba9c65735","kind":"commit","published_at":"2017-09-18T19:17:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.2.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.2/manifests"},{"name":"2.1.4","sha":"ccad634e8ce8b2f765ea63ac3b93148452e2ab2a","kind":"commit","published_at":"2017-09-18T19:14:36.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.4/manifests"},{"name":"2.0.7","sha":"2c8262c2487186ce0bb2b8ac5497b4722467f71c","kind":"commit","published_at":"2017-09-18T19:07:37.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.7","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.7/manifests"},{"name":"1.18.4","sha":"2c69c71d4477dd29534e80cdd0b102dd087cb927","kind":"commit","published_at":"2017-09-18T18:57:18.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.4/manifests"},{"name":"2.2.1","sha":"032b8221c1b44160fe91829296eb21a92afc18e1","kind":"commit","published_at":"2017-06-13T20:13:23.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.2.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.1/manifests"},{"name":"2.2.0","sha":"353e628d34d2ffab6bfb447ecd7bb44df6ad86ac","kind":"commit","published_at":"2017-06-09T22:10:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.2.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.2.0/manifests"},{"name":"2.1.3","sha":"c2de25ff24c18771e12200a921017cb5e175bbc9","kind":"commit","published_at":"2017-06-09T22:08:22.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.3/manifests"},{"name":"2.0.6","sha":"295b50e91db5dd37bb29c3f209c7168a1ef16e00","kind":"commit","published_at":"2017-06-09T22:06:28.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.6/manifests"},{"name":"1.18.3","sha":"7c0bd52fc8aa9185913cda5393f901127e3aa3c1","kind":"commit","published_at":"2017-06-09T22:03:01.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.3/manifests"},{"name":"1.17.5","sha":"23a4b331e0fdb101a8569642abfbf551ee390347","kind":"commit","published_at":"2017-06-09T21:42:06.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.5/manifests"},{"name":"2.1.2","sha":"f1985e632862689502d8757e61a0e51bbbb6dee9","kind":"commit","published_at":"2017-02-21T05:24:10.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.2/manifests"},{"name":"2.0.5","sha":"f9bafb731054db9299ba03551e440a46992e9c7c","kind":"commit","published_at":"2017-02-21T05:19:45.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.5/manifests"},{"name":"1.18.2","sha":"9e8c11ade2bb4c433c472ab31e73e7ecaf1574c1","kind":"commit","published_at":"2017-02-21T05:15:38.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.2/manifests"},{"name":"1.17.4","sha":"d7071f33c82604798010a0c77015b0e9b88027e9","kind":"commit","published_at":"2017-02-21T05:11:46.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.4/manifests"},{"name":"2.1.1","sha":"a6b7648d93eb36d8e52b5761604b187d02bc1b5a","kind":"commit","published_at":"2016-12-13T00:12:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.1/manifests"},{"name":"2.0.4","sha":"51cafed29a8b87f58718f55a449a8c4e499addb4","kind":"commit","published_at":"2016-12-13T00:10:58.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.4/manifests"},{"name":"1.18.1","sha":"4300732c8c392cb246fc7b2839e3700732846fff","kind":"commit","published_at":"2016-12-13T00:08:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.1/manifests"},{"name":"v1.18.1","sha":"4300732c8c392cb246fc7b2839e3700732846fff","kind":"commit","published_at":"2016-12-13T00:08:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.18.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.18.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.18.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.18.1/manifests"},{"name":"2.1.0","sha":"e0692f411287a814425d6835278b1c0caa91c82e","kind":"commit","published_at":"2016-12-09T18:49:02.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.1.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.1.0/manifests"},{"name":"2.0.3","sha":"a3c35766b21e9e2a46213116d478c17c757d1534","kind":"commit","published_at":"2016-12-09T18:45:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.3/manifests"},{"name":"1.18.0","sha":"6dd47a677e0e919c4c10c3fed3a4173e9c49199c","kind":"commit","published_at":"2016-12-09T18:43:13.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.18.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.18.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.18.0/manifests"},{"name":"v1.18.0","sha":"6dd47a677e0e919c4c10c3fed3a4173e9c49199c","kind":"commit","published_at":"2016-12-09T18:43:13.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.18.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.18.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.18.0/manifests"},{"name":"v1.17.3","sha":"2f2eb9c575b3c3cb06a62520078dabb07f8c4712","kind":"commit","published_at":"2016-12-09T18:41:08.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.17.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.17.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.3/manifests"},{"name":"1.17.3","sha":"2f2eb9c575b3c3cb06a62520078dabb07f8c4712","kind":"commit","published_at":"2016-12-09T18:41:08.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.3/manifests"},{"name":"2.0.2","sha":"889480a5d032772e14af896c8df838aaf5f86703","kind":"commit","published_at":"2016-07-26T04:11:12.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.2/manifests"},{"name":"1.17.2","sha":"10eda0b1d44ef083f0151edf4fe17408babcb6d9","kind":"commit","published_at":"2016-07-26T04:09:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.2/manifests"},{"name":"v1.17.2","sha":"10eda0b1d44ef083f0151edf4fe17408babcb6d9","kind":"commit","published_at":"2016-07-26T04:09:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.17.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.17.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.2/manifests"},{"name":"1.16.3","sha":"9f36cb1535760a592116579842c7feb0b1d30cb3","kind":"commit","published_at":"2016-07-26T04:08:05.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.16.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.16.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.3/manifests"},{"name":"v1.16.3","sha":"9f36cb1535760a592116579842c7feb0b1d30cb3","kind":"commit","published_at":"2016-07-26T04:08:05.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.16.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.16.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.3/manifests"},{"name":"2.0.1","sha":"d5ec63306c48ef25101129dad371733582a463a8","kind":"commit","published_at":"2016-06-21T20:30:01.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.1/manifests"},{"name":"1.17.1","sha":"49e3f1a58bec2b9443566f4b5104f2c363d9f872","kind":"commit","published_at":"2016-06-21T20:29:22.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.1/manifests"},{"name":"v1.17.1","sha":"49e3f1a58bec2b9443566f4b5104f2c363d9f872","kind":"commit","published_at":"2016-06-21T20:29:22.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.17.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.17.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.1/manifests"},{"name":"1.16.2","sha":"6062b69e27960be1f98883831ca1afc5b9495582","kind":"commit","published_at":"2016-06-21T20:27:39.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.16.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.16.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.2/manifests"},{"name":"v1.16.2","sha":"6062b69e27960be1f98883831ca1afc5b9495582","kind":"commit","published_at":"2016-06-21T20:27:39.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.16.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.16.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.2/manifests"},{"name":"2.0.0","sha":"f43d125c9156e84b50718a6bdad3a92d9ae9d14b","kind":"commit","published_at":"2016-04-29T04:58:27.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/2.0.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/2.0.0/manifests"},{"name":"1.16.1","sha":"79e71a22e999d8f7f6b5a9fc48d6776f40bd9ea3","kind":"commit","published_at":"2016-04-29T04:58:07.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.16.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.1/manifests"},{"name":"1.17.0","sha":"5915e9c991cdf5cacdaa1542c9330b2ca9b11208","kind":"commit","published_at":"2016-04-29T04:58:07.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.17.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.17.0/manifests"},{"name":"v1.17.0","sha":"5915e9c991cdf5cacdaa1542c9330b2ca9b11208","kind":"commit","published_at":"2016-04-29T04:58:07.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.17.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.17.0/manifests"},{"name":"v1.16.1","sha":"79e71a22e999d8f7f6b5a9fc48d6776f40bd9ea3","kind":"commit","published_at":"2016-04-29T04:58:07.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.16.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.1/manifests"},{"name":"1.15.5","sha":"6145232e4ec9c8d7fb598606bf4ca81d7a7cf54b","kind":"commit","published_at":"2016-04-29T04:58:04.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.5/manifests"},{"name":"v1.15.5","sha":"6145232e4ec9c8d7fb598606bf4ca81d7a7cf54b","kind":"commit","published_at":"2016-04-29T04:58:04.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.5/manifests"},{"name":"1.16.0","sha":"96705e26cf9ac7c9c3f6e8cd28e7e408dc5b856a","kind":"commit","published_at":"2015-11-05T22:48:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.16.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.16.0/manifests"},{"name":"v1.16.0","sha":"96705e26cf9ac7c9c3f6e8cd28e7e408dc5b856a","kind":"commit","published_at":"2015-11-05T22:48:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.16.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.16.0/manifests"},{"name":"1.15.4","sha":"d37c68673396b247c08d0d5122bb012e9c3c46c3","kind":"commit","published_at":"2015-11-03T02:01:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.4/manifests"},{"name":"v1.15.4","sha":"d37c68673396b247c08d0d5122bb012e9c3c46c3","kind":"commit","published_at":"2015-11-03T02:01:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.4/manifests"},{"name":"v1.14.3","sha":"79bdefe35610b651566bb7422518fb60b3f72bdd","kind":"commit","published_at":"2015-11-03T01:59:40.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.14.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.3/manifests"},{"name":"1.14.3","sha":"79bdefe35610b651566bb7422518fb60b3f72bdd","kind":"commit","published_at":"2015-11-03T01:59:40.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.14.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.3/manifests"},{"name":"1.13.4","sha":"0a57d0337778d99066688e310c81d449c64c9bb6","kind":"commit","published_at":"2015-11-03T01:57:45.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.13.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.13.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.4/manifests"},{"name":"v1.13.4","sha":"0a57d0337778d99066688e310c81d449c64c9bb6","kind":"commit","published_at":"2015-11-03T01:57:45.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.13.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.13.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.4/manifests"},{"name":"1.15.3","sha":"5b1b13c2fb48ac55d64022212bf132b8c01ce0c7","kind":"commit","published_at":"2015-10-02T22:59:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.3/manifests"},{"name":"v1.15.3","sha":"5b1b13c2fb48ac55d64022212bf132b8c01ce0c7","kind":"commit","published_at":"2015-10-02T22:59:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.3/manifests"},{"name":"v1.15.2","sha":"424ba615c2a94d3b059e7f24db1a1093a92d8d22","kind":"commit","published_at":"2014-12-19T22:55:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.2/manifests"},{"name":"1.15.2","sha":"424ba615c2a94d3b059e7f24db1a1093a92d8d22","kind":"commit","published_at":"2014-12-19T22:55:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.2/manifests"},{"name":"1.14.2","sha":"ccdfd02c047d5588b6bebdc501a766271a009493","kind":"commit","published_at":"2014-12-19T22:55:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.14.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.2/manifests"},{"name":"v1.14.2","sha":"ccdfd02c047d5588b6bebdc501a766271a009493","kind":"commit","published_at":"2014-12-19T22:55:15.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.14.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.2/manifests"},{"name":"v1.13.3","sha":"9451f2aada77850c4ba5719e8f732989c9b4f663","kind":"commit","published_at":"2014-12-19T22:54:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.13.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.3/manifests"},{"name":"1.13.3","sha":"9451f2aada77850c4ba5719e8f732989c9b4f663","kind":"commit","published_at":"2014-12-19T22:54:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.13.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.3/manifests"},{"name":"v1.15.1","sha":"af9f16f9a03bede1c5af84d00bc73097f6b45b54","kind":"commit","published_at":"2014-09-22T18:31:58.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.1/manifests"},{"name":"1.15.1","sha":"af9f16f9a03bede1c5af84d00bc73097f6b45b54","kind":"commit","published_at":"2014-09-22T18:31:58.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.1/manifests"},{"name":"1.15.0","sha":"35cb81b307ed44b5fe5f212a6f488f96364f954f","kind":"commit","published_at":"2014-09-18T23:56:37.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.15.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.15.0/manifests"},{"name":"v1.15.0","sha":"35cb81b307ed44b5fe5f212a6f488f96364f954f","kind":"commit","published_at":"2014-09-18T23:56:37.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.15.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.15.0/manifests"},{"name":"v1.14.1","sha":"d7b93df7aaf9f409da7578a107829c138d042121","kind":"commit","published_at":"2014-08-26T06:43:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.14.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.1/manifests"},{"name":"1.14.1","sha":"d7b93df7aaf9f409da7578a107829c138d042121","kind":"commit","published_at":"2014-08-26T06:43:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.14.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.1/manifests"},{"name":"1.13.2","sha":"1b69e0f4095883ef3f282552fde12dfb00ebdda4","kind":"commit","published_at":"2014-08-26T06:42:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.13.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.2/manifests"},{"name":"v1.13.2","sha":"1b69e0f4095883ef3f282552fde12dfb00ebdda4","kind":"commit","published_at":"2014-08-26T06:42:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.13.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.2/manifests"},{"name":"v1.14.0","sha":"951faed80b017e553a27c4cb98f210df44341f8f","kind":"commit","published_at":"2014-05-07T23:13:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.14.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.14.0/manifests"},{"name":"1.14.0","sha":"951faed80b017e553a27c4cb98f210df44341f8f","kind":"commit","published_at":"2014-05-07T23:13:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.14.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.14.0/manifests"},{"name":"1.13.1","sha":"7484a221803a3f9aa959d9fd02770ee9c2c90ad5","kind":"commit","published_at":"2014-05-07T21:14:05.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.13.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.1/manifests"},{"name":"v1.13.1","sha":"7484a221803a3f9aa959d9fd02770ee9c2c90ad5","kind":"commit","published_at":"2014-05-07T21:14:05.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.13.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.1/manifests"},{"name":"1.12.4","sha":"09e9d48db06b7e6eff090dc2cbbb94fef18a1b2c","kind":"commit","published_at":"2014-05-07T20:47:09.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.12.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.12.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.4/manifests"},{"name":"v1.12.4","sha":"09e9d48db06b7e6eff090dc2cbbb94fef18a1b2c","kind":"commit","published_at":"2014-05-07T20:47:09.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.12.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.12.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.4/manifests"},{"name":"1.11.6","sha":"c0667e1e6a1dd9b6cf2e47762b51d085417eb7c8","kind":"commit","published_at":"2014-05-07T20:39:39.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.6/manifests"},{"name":"v1.11.6","sha":"c0667e1e6a1dd9b6cf2e47762b51d085417eb7c8","kind":"commit","published_at":"2014-05-07T20:39:39.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.6/manifests"},{"name":"1.13.0","sha":"1774a4b9c0f7776104f79ba931ccf54bcf6d93f7","kind":"commit","published_at":"2014-03-14T04:30:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.13.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.13.0/manifests"},{"name":"v1.13.0","sha":"1774a4b9c0f7776104f79ba931ccf54bcf6d93f7","kind":"commit","published_at":"2014-03-14T04:30:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.13.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.13.0/manifests"},{"name":"v1.12.3","sha":"bbd9469d65b93285a05388246ec45e9fc36ca732","kind":"commit","published_at":"2014-03-14T04:30:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.12.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.3/manifests"},{"name":"1.12.3","sha":"bbd9469d65b93285a05388246ec45e9fc36ca732","kind":"commit","published_at":"2014-03-14T04:30:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.12.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.3/manifests"},{"name":"1.11.5","sha":"c538a000121d66e388bcb92c19cc018efcf4cce4","kind":"commit","published_at":"2014-03-14T04:27:46.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.5/manifests"},{"name":"v1.11.5","sha":"c538a000121d66e388bcb92c19cc018efcf4cce4","kind":"commit","published_at":"2014-03-14T04:27:46.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.5/manifests"},{"name":"1.10.7","sha":"4fdb4b5ae52b8e7cada05c5590a0cd0ab1b575d5","kind":"commit","published_at":"2014-03-14T04:25:44.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.7","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.7/manifests"},{"name":"v1.10.7","sha":"4fdb4b5ae52b8e7cada05c5590a0cd0ab1b575d5","kind":"commit","published_at":"2014-03-14T04:25:44.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.7","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.7/manifests"},{"name":"py3-test-parity","sha":"85e9405f8a3771942d414e05b88692cd47530e60","kind":"commit","published_at":"2014-03-07T21:16:47.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/py3-test-parity","html_url":"https://github.com/paramiko/paramiko/releases/tag/py3-test-parity","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/py3-test-parity","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/py3-test-parity/manifests"},{"name":"v1.12.2","sha":"fb786bea9cff8fba3c6852d216dbbcbafbbb524f","kind":"commit","published_at":"2014-02-14T17:39:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.12.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.2/manifests"},{"name":"1.12.2","sha":"fb786bea9cff8fba3c6852d216dbbcbafbbb524f","kind":"commit","published_at":"2014-02-14T17:39:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.12.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.2/manifests"},{"name":"1.11.4","sha":"4a5f007c029cfabac35161d8147d616c79009bd8","kind":"commit","published_at":"2014-02-14T17:38:14.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.4/manifests"},{"name":"v1.11.4","sha":"4a5f007c029cfabac35161d8147d616c79009bd8","kind":"commit","published_at":"2014-02-14T17:38:14.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.4/manifests"},{"name":"1.10.6","sha":"457a34f55b1d69c3f7699b3bc055f6c6d90371cd","kind":"commit","published_at":"2014-02-14T17:36:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.6/manifests"},{"name":"v1.10.6","sha":"457a34f55b1d69c3f7699b3bc055f6c6d90371cd","kind":"commit","published_at":"2014-02-14T17:36:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.6/manifests"},{"name":"v1.12.1","sha":"6ecde066fcd0a23238e8b8929c4e1bef48618df1","kind":"commit","published_at":"2014-01-09T00:41:44.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.12.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.1/manifests"},{"name":"1.12.1","sha":"6ecde066fcd0a23238e8b8929c4e1bef48618df1","kind":"commit","published_at":"2014-01-09T00:41:44.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.12.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.1/manifests"},{"name":"1.11.3","sha":"1ff3db96f65c52df416548e8a8047b3c07bcf683","kind":"commit","published_at":"2014-01-09T00:41:04.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.3/manifests"},{"name":"v1.11.3","sha":"1ff3db96f65c52df416548e8a8047b3c07bcf683","kind":"commit","published_at":"2014-01-09T00:41:04.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.3/manifests"},{"name":"v1.10.5","sha":"698adf10fb68330e1439b60afe9d305014395a68","kind":"commit","published_at":"2014-01-09T00:40:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.5/manifests"},{"name":"1.10.5","sha":"698adf10fb68330e1439b60afe9d305014395a68","kind":"commit","published_at":"2014-01-09T00:40:11.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.5/manifests"},{"name":"v1.12.0","sha":"c73764a9475f571e49506e2f12179134ff802c03","kind":"commit","published_at":"2013-09-28T05:01:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.12.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.12.0/manifests"},{"name":"1.12.0","sha":"c73764a9475f571e49506e2f12179134ff802c03","kind":"commit","published_at":"2013-09-28T05:01:17.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.12.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.12.0/manifests"},{"name":"v1.11.2","sha":"96fdefbcb99b5513e3c7c78518cfd1ad5ba8137f","kind":"commit","published_at":"2013-09-28T05:00:32.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.2/manifests"},{"name":"1.11.2","sha":"96fdefbcb99b5513e3c7c78518cfd1ad5ba8137f","kind":"commit","published_at":"2013-09-28T05:00:32.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.2/manifests"},{"name":"1.10.4","sha":"f2466a3d46493127e3b547f8f5c6d76c247bb3b4","kind":"commit","published_at":"2013-09-28T04:59:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.4/manifests"},{"name":"v1.10.4","sha":"f2466a3d46493127e3b547f8f5c6d76c247bb3b4","kind":"commit","published_at":"2013-09-28T04:59:48.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.4/manifests"},{"name":"v1.11.1","sha":"bea7d9dc8a913b41182755528acfcdcec71e62d2","kind":"commit","published_at":"2013-09-21T01:01:42.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.1/manifests"},{"name":"1.11.1","sha":"bea7d9dc8a913b41182755528acfcdcec71e62d2","kind":"commit","published_at":"2013-09-21T01:01:42.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.1/manifests"},{"name":"1.10.3","sha":"0ba34035c37d10b0f0b9035d427103da43c1150a","kind":"commit","published_at":"2013-09-21T00:56:20.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.3/manifests"},{"name":"v1.10.3","sha":"0ba34035c37d10b0f0b9035d427103da43c1150a","kind":"commit","published_at":"2013-09-21T00:56:20.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.3","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.3/manifests"},{"name":"1.11.0","sha":"2a08a48dd2451e3139735c8b4f29d6d2516b8eb0","kind":"commit","published_at":"2013-07-26T22:07:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.11.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.11.0/manifests"},{"name":"v1.11.0","sha":"2a08a48dd2451e3139735c8b4f29d6d2516b8eb0","kind":"commit","published_at":"2013-07-26T22:07:33.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.11.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.11.0/manifests"},{"name":"1.10.2","sha":"965d00dee951ffaee7458c7f8cb0a3c38ff46b25","kind":"commit","published_at":"2013-07-26T22:05:35.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.2/manifests"},{"name":"v1.10.2","sha":"965d00dee951ffaee7458c7f8cb0a3c38ff46b25","kind":"commit","published_at":"2013-07-26T22:05:35.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.2/manifests"},{"name":"v1.10.1","sha":"02d071be07fef362764b13a99dd9335a668c9117","kind":"commit","published_at":"2013-04-05T20:00:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.1/manifests"},{"name":"1.10.1","sha":"02d071be07fef362764b13a99dd9335a668c9117","kind":"commit","published_at":"2013-04-05T20:00:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.1/manifests"},{"name":"1.10.0","sha":"721f74d8c240071e444ed1cdfff432c75339e8b2","kind":"commit","published_at":"2013-03-01T20:01:35.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.10.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.10.0/manifests"},{"name":"v1.10.0","sha":"721f74d8c240071e444ed1cdfff432c75339e8b2","kind":"commit","published_at":"2013-03-01T20:01:35.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.10.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.10.0/manifests"},{"name":"v1.9.0","sha":"65de2529a9e21f66c72f6335886db5a7f2ea6b75","kind":"commit","published_at":"2012-11-06T21:10:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.9.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.9.0/manifests"},{"name":"1.9.0","sha":"65de2529a9e21f66c72f6335886db5a7f2ea6b75","kind":"commit","published_at":"2012-11-06T21:10:03.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.9.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.9.0/manifests"},{"name":"1.8.1","sha":"7f4c26f8601b2335b210896d2cb06348957e7aae","kind":"commit","published_at":"2012-11-06T21:08:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.8.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.8.1/manifests"},{"name":"v1.8.1","sha":"7f4c26f8601b2335b210896d2cb06348957e7aae","kind":"commit","published_at":"2012-11-06T21:08:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.8.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.8.1/manifests"},{"name":"v1.8.0","sha":"09488c665ba46057648a13a12c76f0c6392a86a1","kind":"commit","published_at":"2012-09-26T05:09:49.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.8.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.8.0/manifests"},{"name":"1.8.0","sha":"09488c665ba46057648a13a12c76f0c6392a86a1","kind":"commit","published_at":"2012-09-26T05:09:49.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.8.0","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.8.0/manifests"},{"name":"initial-merge-from-ssh-done","sha":"dd6fb2577d1c6f5cbfaf0264cc0452f465b0ca63","kind":"commit","published_at":"2012-09-25T02:00:19.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/initial-merge-from-ssh-done","html_url":"https://github.com/paramiko/paramiko/releases/tag/initial-merge-from-ssh-done","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/initial-merge-from-ssh-done","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/initial-merge-from-ssh-done/manifests"},{"name":"1.7.7.2","sha":"322819454ddd3cc83a0c9ad591186997a8cb1ab2","kind":"commit","published_at":"2012-05-16T23:03:10.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.7.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.7.2/manifests"},{"name":"v1.7.7.2","sha":"322819454ddd3cc83a0c9ad591186997a8cb1ab2","kind":"commit","published_at":"2012-05-16T23:03:10.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.7.2","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.7.2/manifests"},{"name":"1.7.14","sha":"c3a7e9d587447afdc714b02412594b8d0a9fecfa","kind":"commit","published_at":"2012-05-08T03:23:29.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.14","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.14/manifests"},{"name":"v1.7.14","sha":"c3a7e9d587447afdc714b02412594b8d0a9fecfa","kind":"commit","published_at":"2012-05-08T03:23:29.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.14","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.14/manifests"},{"name":"1.7.13","sha":"998377f353f2f17b6d00e7246ae0ed4628291ffd","kind":"commit","published_at":"2012-02-14T00:02:00.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.13","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.13/manifests"},{"name":"v1.7.13","sha":"998377f353f2f17b6d00e7246ae0ed4628291ffd","kind":"commit","published_at":"2012-02-14T00:02:00.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.13","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.13/manifests"},{"name":"1.7.12","sha":"c630917d0d0ff2ac4e1185f4077074cd3748d05b","kind":"commit","published_at":"2012-02-11T06:50:36.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.12","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.12/manifests"},{"name":"v1.7.12","sha":"c630917d0d0ff2ac4e1185f4077074cd3748d05b","kind":"commit","published_at":"2012-02-11T06:50:36.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.12","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.12/manifests"},{"name":"v1.7.11","sha":"9234baed01df9ca3ac59920ae6f98808b7ca5213","kind":"commit","published_at":"2011-11-18T16:56:12.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.11","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.11/manifests"},{"name":"1.7.11","sha":"9234baed01df9ca3ac59920ae6f98808b7ca5213","kind":"commit","published_at":"2011-11-18T16:56:12.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.11","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.11/manifests"},{"name":"1.7.10","sha":"175075e045310cb5d06814fac7ffdfaafc0c7283","kind":"commit","published_at":"2011-11-18T01:40:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.10","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.10/manifests"},{"name":"v1.7.10","sha":"175075e045310cb5d06814fac7ffdfaafc0c7283","kind":"commit","published_at":"2011-11-18T01:40:41.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.10","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.10/manifests"},{"name":"1.7.9","sha":"ea8e73a389931962a2aea4c136a2a5d65d612c89","kind":"commit","published_at":"2011-11-08T01:30:13.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.9","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.9/manifests"},{"name":"v1.7.9","sha":"ea8e73a389931962a2aea4c136a2a5d65d612c89","kind":"commit","published_at":"2011-11-08T01:30:13.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.9","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.9/manifests"},{"name":"1.7.8","sha":"12cf1674fcd8bf216ec2f12f4ddd111eb8db3514","kind":"tag","published_at":"2011-10-23T22:07:23.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.8","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.8/manifests"},{"name":"v1.7.8","sha":"12cf1674fcd8bf216ec2f12f4ddd111eb8db3514","kind":"tag","published_at":"2011-10-23T22:07:23.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.8","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.8/manifests"},{"name":"v1.7.7.1","sha":"7bcbc2419812f87cf06391da61684df205f131d3","kind":"commit","published_at":"2011-05-23T20:49:47.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/v1.7.7.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/v1.7.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/v1.7.7.1/manifests"},{"name":"1.7.7.1","sha":"7bcbc2419812f87cf06391da61684df205f131d3","kind":"commit","published_at":"2011-05-23T20:49:47.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/1.7.7.1","html_url":"https://github.com/paramiko/paramiko/releases/tag/1.7.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/1.7.7.1/manifests"},{"name":"release-1.7.6","sha":"cb913d5d32b36f73a3ab202ea8a33f3e7e2d6a59","kind":"commit","published_at":"2009-11-02T06:01:04.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/release-1.7.6","html_url":"https://github.com/paramiko/paramiko/releases/tag/release-1.7.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.6/manifests"},{"name":"release-1.7.5","sha":"7da1f2c4a348dfafa6f7653eb05cba9613a6dec9","kind":"commit","published_at":"2009-07-20T04:45:54.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/release-1.7.5","html_url":"https://github.com/paramiko/paramiko/releases/tag/release-1.7.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.5/manifests"},{"name":"release-1.7.4","sha":"2fda984906a9b2396673672e11b58c7de2b8cf6a","kind":"commit","published_at":"2008-07-07T01:22:21.000Z","download_url":"https://codeload.github.com/paramiko/paramiko/tar.gz/release-1.7.4","html_url":"https://github.com/paramiko/paramiko/releases/tag/release-1.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paramiko%2Fparamiko/tags/release-1.7.4/manifests"}]},"repo_metadata_updated_at":"2024-10-29T23:41:11.696Z","dependent_packages_count":938,"downloads":87621527,"downloads_period":"last-month","dependent_repos_count":30613,"rankings":{"downloads":0.022927071736056213,"dependent_repos_count":0.03943456338601669,"dependent_packages_count":0.028062735804932806,"stargazers_count":0.594636532546354,"forks_count":0.5841817878347123,"docker_downloads_count":0.004035164625545894,"average":0.21221297598893632},"purl":"pkg:pypi/paramiko","advisories":[{"uuid":"GSA_kwCzR0hTQS1mOHE0LWp3d3cteDN3ds00ww","url":"https://github.com/advisories/GHSA-f8q4-jwww-x3wv","title":"Race Condition in Paramiko","description":"In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-03-19T00:01:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.2,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-24302","https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546","https://www.paramiko.org/changelog.html","https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html","https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e","https://github.com/advisories/GHSA-f8q4-jwww-x3wv","https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2022-166.yaml","https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U63MJ2VOLLQ35R7CYNREUHSXYLWNPVSB"],"source_kind":"github","identifiers":["GHSA-f8q4-jwww-x3wv","CVE-2022-24302"],"repository_url":"https://github.com/paramiko/paramiko","blast_radius":36.7844283102366,"packages":[{"versions":[{"first_patched_version":"2.9.3","vulnerable_version_range":"\u003e= 2.9.0, \u003c 2.9.3"},{"first_patched_version":"2.10.1","vulnerable_version_range":"\u003e= 2.10.0, \u003c 2.10.1"}],"ecosystem":"pypi","package_name":"paramiko"}],"created_at":"2022-12-21T16:11:59.600Z","updated_at":"2024-10-09T20:07:35.000Z","epss_percentage":0.005,"epss_percentile":0.64517},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzMnItNjZjZy03OXB4","url":"https://github.com/advisories/GHSA-232r-66cg-79px","title":"Paramiko not properly checking authentication before processing other requests","description":"transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2018-07-12T20:29:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-7750","https://github.com/paramiko/paramiko/issues/1175","https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516","https://access.redhat.com/errata/RHSA-2018:0591","https://access.redhat.com/errata/RHSA-2018:0646","https://access.redhat.com/errata/RHSA-2018:1124","https://access.redhat.com/errata/RHSA-2018:1125","https://access.redhat.com/errata/RHSA-2018:1213","https://access.redhat.com/errata/RHSA-2018:1274","https://access.redhat.com/errata/RHSA-2018:1328","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2018:1972","https://github.com/advisories/GHSA-232r-66cg-79px","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://github.com/paramiko/paramiko/commit/e9dfd854bdaf8af15d7834f7502a0451d217bb8c","https://github.com/paramiko/paramiko/blob/e861c7697622774071ce73b46ffe8817eacdedfa/sites/www/changelog.rst?plain=1#L759-L763","https://web.archive.org/web/20190831123128/http://www.securityfocus.com/bid/103713","https://www.exploit-db.com/exploits/45712","https://usn.ubuntu.com/3603-2","https://usn.ubuntu.com/3603-1","https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-19.yaml","https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst"],"source_kind":"github","identifiers":["GHSA-232r-66cg-79px","CVE-2018-7750"],"repository_url":"https://github.com/paramiko/paramiko","blast_radius":41.7189247908781,"packages":[{"versions":[{"first_patched_version":"1.17.6","vulnerable_version_range":"\u003c 1.17.6"},{"first_patched_version":"1.18.5","vulnerable_version_range":"\u003e= 1.18.0, \u003c 1.18.5"},{"first_patched_version":"2.4.1","vulnerable_version_range":"= 2.4.0"},{"first_patched_version":"2.3.2","vulnerable_version_range":"\u003e= 2.3.0, \u003c 2.3.2"},{"first_patched_version":"2.2.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.3"},{"first_patched_version":"2.1.5","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.5"},{"first_patched_version":"2.0.8","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.8"}],"ecosystem":"pypi","package_name":"paramiko"}],"created_at":"2022-12-21T16:12:34.276Z","updated_at":"2024-10-09T19:47:18.000Z","epss_percentage":0.26481,"epss_percentile":0.95979},{"uuid":"GSA_kwCzR0hTQS13cW1tLXE2NWctMmhxcs2vew","url":"https://github.com/advisories/GHSA-wqmm-q65g-2hqr","title":"Paramiko Unsafe randomness usage may allow access to sensitive information","description":"common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-01T23:28:57.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2008-0299","https://bugzilla.redhat.com/show_bug.cgi?id=428727","https://exchange.xforce.ibmcloud.com/vulnerabilities/39749","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html","https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html","http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706","http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch","http://security.gentoo.org/glsa/glsa-200803-07.xml","https://web.archive.org/web/20080205095439/http://secunia.com/advisories/28488","https://web.archive.org/web/20080627172450/http://secunia.com/advisories/28510","https://web.archive.org/web/20080628232710/http://secunia.com/advisories/29168","https://web.archive.org/web/20080720033315/http://www.lag.net/pipermail/paramiko/2008-January/000599.html","https://web.archive.org/web/20081012023428/http://www.securityfocus.com/bid/27307","https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2008-8.yaml","https://github.com/advisories/GHSA-wqmm-q65g-2hqr"],"source_kind":"github","identifiers":["GHSA-wqmm-q65g-2hqr","CVE-2008-0299"],"repository_url":null,"blast_radius":31.849931829595103,"packages":[{"versions":[{"first_patched_version":"1.7.1-3","vulnerable_version_range":"\u003c= 1.7.1-2"}],"ecosystem":"pypi","package_name":"paramiko"}],"created_at":"2024-02-09T20:05:11.011Z","updated_at":"2024-10-08T13:10:26.000Z","epss_percentage":0.01232,"epss_percentile":0.78014},{"uuid":"GSA_kwCzR0hTQS00NXg3LXB4MzYteDh3OM4AA34H","url":"https://github.com/advisories/GHSA-45x7-px36-x8w8","title":"Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin","description":"### Summary\n\nTerrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.\n\n### Mitigations\n\nTo mitigate this protocol vulnerability, OpenSSH suggested a so-called \"strict kex\" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes.\n\n**Warning: To take effect, both the client and server must support this countermeasure.** \n\nAs a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available.\n\n### Details\n\nThe SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario.\n\nThe attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange.\n\nIn the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers.\n\nFor more details see [https://terrapin-attack.com](https://terrapin-attack.com). \n\n### Impact\n\nThis attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-12-18T19:22:09.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8","https://nvd.nist.gov/vuln/detail/CVE-2023-48795","https://github.com/paramiko/paramiko/issues/2337","https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0","https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d","https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951","https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42","https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25","https://github.com/openssh/openssh-portable/commits/master","https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst","https://github.com/ronf/asyncssh/tags","https://github.com/warp-tech/russh/releases/tag/v0.40.2","https://gitlab.com/libssh/libssh-mirror/-/tags","https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ","https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg","https://matt.ucc.asn.au/dropbear/CHANGES","https://news.ycombinator.com/item?id=38684904","https://news.ycombinator.com/item?id=38685286","https://twitter.com/TrueSkrillor/status/1736774389725565005","https://www.bitvise.com/ssh-server-version-history","https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html","https://www.openssh.com/openbsd.html","https://www.openssh.com/txt/release-9.6","https://www.openwall.com/lists/oss-security/2023/12/18/2","https://www.terrapin-attack.com","http://www.openwall.com/lists/oss-security/2023/12/18/3","https://github.com/mwiede/jsch/issues/457","https://github.com/mwiede/jsch/pull/461","https://access.redhat.com/security/cve/cve-2023-48795","https://bugs.gentoo.org/920280","https://bugzilla.redhat.com/show_bug.cgi?id=2254210","https://bugzilla.suse.com/show_bug.cgi?id=1217950","https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6","https://github.com/advisories/GHSA-45x7-px36-x8w8","https://github.com/drakkan/sftpgo/releases/tag/v2.5.6","https://github.com/erlang/otp/releases/tag/OTP-26.2.1","https://go.dev/cl/550715","https://go.dev/issue/64784","https://security-tracker.debian.org/tracker/CVE-2023-48795","https://security-tracker.debian.org/tracker/source-package/libssh2","https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg","https://ubuntu.com/security/CVE-2023-48795","https://github.com/libssh2/libssh2/pull/1291","https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5","https://forum.netgate.com/topic/184941/terrapin-ssh-attack","https://github.com/rapier1/hpn-ssh/releases","https://github.com/proftpd/proftpd/issues/456","https://github.com/NixOS/nixpkgs/pull/275249","https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab","https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3","https://crates.io/crates/thrussh/versions","https://github.com/TeraTermProject/teraterm/releases/tag/v5.1","https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22","https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15","https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES","https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC","https://oryx-embedded.com/download/#changelog","https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update","https://www.paramiko.org/changelog.html","https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc","http://www.openwall.com/lists/oss-security/2023/12/19/5","http://www.openwall.com/lists/oss-security/2023/12/20/3","https://github.com/apache/mina-sshd/issues/445","https://github.com/hierynomus/sshj/issues/916","https://github.com/janmojzis/tinyssh/issues/81","https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16","https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES","https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES","https://security-tracker.debian.org/tracker/source-package/trilead-ssh2","https://www.openwall.com/lists/oss-security/2023/12/20/3","http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html","https://github.com/PowerShell/Win32-OpenSSH/issues/2189","https://github.com/cyd01/KiTTY/issues/520","https://github.com/ssh-mitm/ssh-mitm/issues/165","https://filezilla-project.org/versions.php","https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta","https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html","https://news.ycombinator.com/item?id=38732005","https://nova.app/releases/#v11.8","https://roumenpetrov.info/secsh/#news20231220","https://security.gentoo.org/glsa/202312-16","https://security.gentoo.org/glsa/202312-17","https://winscp.net/eng/docs/history#6.2.2","https://www.bitvise.com/ssh-client-version-history#933","https://www.debian.org/security/2023/dsa-5586","https://www.debian.org/security/2023/dsa-5588","https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508","https://www.theregister.com/2023/12/20/terrapin_attack_ssh","https://www.vandyke.com/products/securecrt/history.txt","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002","https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html","https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773","https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack","https://help.panic.com/releasenotes/transmit5","https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7","https://security.netapp.com/advisory/ntap-20240105-0004","https://support.apple.com/kb/HT214084","https://thorntech.com/cve-2023-48795-and-sftp-gateway","https://www.netsarang.com/en/xshell-update-history","https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed","https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795","http://seclists.org/fulldisclosure/2024/Mar/21","https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html","http://www.openwall.com/lists/oss-security/2024/03/06/3","http://www.openwall.com/lists/oss-security/2024/04/17/8"],"source_kind":"github","identifiers":["GHSA-45x7-px36-x8w8","CVE-2023-48795"],"repository_url":"https://github.com/warp-tech/russh","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"3.4.0","vulnerable_version_range":"\u003e= 2.5.0, \u003c 3.4.0"}],"ecosystem":"pypi","package_name":"paramiko"},{"versions":[{"first_patched_version":"0.17.0","vulnerable_version_range":"\u003c 0.17.0"}],"ecosystem":"go","package_name":"golang.org/x/crypto"},{"versions":[{"first_patched_version":"0.40.2","vulnerable_version_range":"\u003c 0.40.2"}],"ecosystem":"cargo","package_name":"russh"}],"created_at":"2023-12-18T20:06:04.619Z","updated_at":"2025-05-30T01:10:12.105Z","epss_percentage":0.73148,"epss_percentile":0.98697},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyajYtd3JoaC12MjVt","url":"https://github.com/advisories/GHSA-f2j6-wrhh-v25m","title":"Paramiko Authentication Bypass vulnerability","description":"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-10T16:10:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000805","https://github.com/paramiko/paramiko/issues/1283","https://access.redhat.com/errata/RHBA-2018:3497","https://access.redhat.com/errata/RHSA-2018:3347","https://access.redhat.com/errata/RHSA-2018:3406","https://access.redhat.com/errata/RHSA-2018:3505","https://github.com/advisories/GHSA-f2j6-wrhh-v25m","https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://github.com/pypa/advisory-database/tree/main/vulns/paramiko/PYSEC-2018-69.yaml","https://usn.ubuntu.com/3796-1","https://usn.ubuntu.com/3796-2","https://usn.ubuntu.com/3796-3"],"source_kind":"github","identifiers":["GHSA-f2j6-wrhh-v25m","CVE-2018-1000805"],"repository_url":"https://github.com/paramiko/paramiko","blast_radius":39.02738125598273,"packages":[{"versions":[{"first_patched_version":"2.0.9","vulnerable_version_range":"\u003e= 1.5.1, \u003c 2.0.9"},{"first_patched_version":"2.1.6","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.6"},{"first_patched_version":"2.2.4","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.4"},{"first_patched_version":"2.3.3","vulnerable_version_range":"\u003e= 2.3.0, \u003c 2.3.3"},{"first_patched_version":"2.4.2","vulnerable_version_range":"\u003e= 2.4.0, \u003c 2.4.2"}],"ecosystem":"pypi","package_name":"paramiko"}],"created_at":"2022-12-21T16:13:35.903Z","updated_at":"2024-10-09T20:55:51.000Z","epss_percentage":0.00332,"epss_percentile":0.55246}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/paramiko","docker_dependents_count":3585,"docker_downloads_count":7387261216,"usage_url":"https://repos.ecosyste.ms/usage/pypi/paramiko","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/paramiko/dependencies","status":null,"funding_links":["https://tidelift.com/funding/github/pypi/paramiko"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/paramiko/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/paramiko/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/paramiko/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/paramiko/related_packages","maintainers":[{"uuid":"bitprophet","login":"bitprophet","name":null,"email":null,"url":null,"packages_count":17,"html_url":"https://pypi.org/user/bitprophet/","role":null,"created_at":"2022-11-26T02:49:24.025Z","updated_at":"2022-11-26T02:49:24.025Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/bitprophet/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690329,"maintainers_count":292761,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":191,"unique_repositories_count_past_30_days":6,"recent_issues":[{"uuid":"4552046873","node_id":"PR_kwDOHKRx287g0-Gj","number":551,"state":"open","title":"Bump paramiko from 3.5.1 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T22:37:46.000Z","updated_at":"2026-05-30T01:36:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [paramiko](https://github.com/paramiko/paramiko) from 3.5.1 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.1...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=3.5.1\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/burakince/mlflow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/burakince/mlflow/pull/551","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/burakince%2Fmlflow/issues/551","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/551/packages"},{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"},{"uuid":"4490802559","node_id":"PR_kwDOBZ4-_87dvn-k","number":1461,"state":"closed","title":"Bump the pip group across 6 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T00:35:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:34:02.000Z","updated_at":"2026-05-21T00:41:18.000Z","time_to_close":73,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":6,"packages":[{"name":"pymdown-extensions","old_version":"10.16.1","new_version":"10.21.3","repository_url":"https://github.com/facelessuser/pymdown-extensions"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"paramiko","old_version":"3.4.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pytorch-lightning","old_version":"2.4.0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /docs directory: [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions).\nBumps the pip group with 2 updates in the /emmet-api/requirements directory: [idna](https://github.com/kjd/idna) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 6 updates in the /emmet-builders-legacy/requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.16.1` | `10.21.3` |\n| [idna](https://github.com/kjd/idna) | `3.7` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.4.0` | `2.6.1` |\n\nBumps the pip group with 5 updates in the /emmet-builders/requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [idna](https://github.com/kjd/idna) | `3.7` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.4.0` | `2.6.1` |\n\nBumps the pip group with 1 update in the /emmet-cli-legacy directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /emmet-core/requirements directory: [idna](https://github.com/kjd/idna) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `pymdown-extensions` from 10.16.1 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21. 2\u003c/h2\u003e\n\u003ch2\u003e10.21.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Highlight: Latest Pygments versions cannot handle a \u0026quot;filename\u0026quot; for code block titles of \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by\n\u003ca href=\"https://github.com/joapuiib\"\u003e\u003ccode\u003e@​joapuiib\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: MagicLink: Fix a matching pattern for Bitbucket repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's\ndefault. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the\ndefault Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.\u003c/p\u003e\n\u003cp\u003eIn addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by\nGitHub and Obsidian.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Arithmatex: Fix issue where block \u003ccode\u003e$$\u003c/code\u003e math used inline within a paragraph could result in nested math\nparsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Emoji: Update Twemoji to use Unicode 16.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: Roll back \u003ccode\u003eview\u003c/code\u003e mode deprecation as some still like to use it, though further enhancements to this\nmode are not planned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: \u003ccode\u003eview\u003c/code\u003e mode has been deprecated. To avoid warnings or future issues, explicitly set \u003ccode\u003emode\u003c/code\u003e to\neither \u003ccode\u003eaccept\u003c/code\u003e or \u003ccode\u003ereject\u003c/code\u003e. In the future, the new default will be \u003ccode\u003eaccept\u003c/code\u003e and the \u003ccode\u003eview\u003c/code\u003e mode will be removed\nentirely.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Block Admonition: \u003ccode\u003eimportant\u003c/code\u003e should have always been available as a default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.17.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/a4fdd73554706877e339692183b9424e8f5fec24\"\u003e\u003ccode\u003ea4fdd73\u003c/code\u003e\u003c/a\u003e Skip tag 10.21.1 has we accidentally already used it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/8afb4cde8fa5159e4318ab72e2daa55fd1107d4f\"\u003e\u003ccode\u003e8afb4cd\u003c/code\u003e\u003c/a\u003e Docs: Update JS deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/7bf5b2965a6b3dc6ee502ad3d117f6182e838e56\"\u003e\u003ccode\u003e7bf5b29\u003c/code\u003e\u003c/a\u003e Pygments needs a non-None value for code block title (\u003ca href=\"https://redirect.github.com/facelessuser/pymdown-extensions/issues/2863\"\u003e#2863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/20b11ebc86b54fbbed3d43e6f1d845ee474b2378\"\u003e\u003ccode\u003e20b11eb\u003c/code\u003e\u003c/a\u003e Fix some spelling and formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/c9edba3301e321e1e0f830a74a01ccbf10a45786\"\u003e\u003ccode\u003ec9edba3\u003c/code\u003e\u003c/a\u003e Docs: strengthen Snippets warning and add security considerations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/6d92b6878f8d55fd8843a58dd6634cfdfb6df722\"\u003e\u003ccode\u003e6d92b68\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/baeca0e10c5beca4d81fe782058f24b7eb9bf5ff\"\u003e\u003ccode\u003ebaeca0e\u003c/code\u003e\u003c/a\u003e Docs: update JS deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.16.1...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymdown-extensions` from 10.16.1 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21. 2\u003c/h2\u003e\n\u003ch2\u003e10.21.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Highlight: Latest Pygments versions cannot handle a \u0026quot;filename\u0026quot; for code block titles of \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by\n\u003ca href=\"https://github.com/joapuiib\"\u003e\u003ccode\u003e@​joapuiib\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: MagicLink: Fix a matching pattern for Bitbucket repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's\ndefault. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the\ndefault Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.\u003c/p\u003e\n\u003cp\u003eIn addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by\nGitHub and Obsidian.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Arithmatex: Fix issue where block \u003ccode\u003e$$\u003c/code\u003e math used inline within a paragraph could result in nested math\nparsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Emoji: Update Twemoji to use Unicode 16.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: Roll back \u003ccode\u003eview\u003c/code\u003e mode deprecation as some still like to use it, though further enhancements to this\nmode are not planned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: \u003ccode\u003eview\u003c/code\u003e mode has been deprecated. To avoid warnings or future issues, explicitly set \u003ccode\u003emode\u003c/code\u003e to\neither \u003ccode\u003eaccept\u003c/code\u003e or \u003ccode\u003ereject\u003c/code\u003e. In the future, the new default will be \u003ccode\u003eaccept\u003c/code\u003e and the \u003ccode\u003eview\u003c/code\u003e mode will be removed\nentirely.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Block Admonition: \u003ccode\u003eimportant\u003c/code\u003e should have always been available as a default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.17.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/a4fdd73554706877e339692183b9424e8f5fec24\"\u003e\u003ccode\u003ea4fdd73\u003c/code\u003e\u003c/a\u003e Skip tag 10.21.1 has we accidentally already used it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/8afb4cde8fa5159e4318ab72e2daa55fd1107d4f\"\u003e\u003ccode\u003e8afb4cd\u003c/code\u003e\u003c/a\u003e Docs: Update JS deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/7bf5b2965a6b3dc6ee502ad3d117f6182e838e56\"\u003e\u003ccode\u003e7bf5b29\u003c/code\u003e\u003c/a\u003e Pygments needs a non-None value for code block title (\u003ca href=\"https://redirect.github.com/facelessuser/pymdown-extensions/issues/2863\"\u003e#2863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/20b11ebc86b54fbbed3d43e6f1d845ee474b2378\"\u003e\u003ccode\u003e20b11eb\u003c/code\u003e\u003c/a\u003e Fix some spelling and formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/c9edba3301e321e1e0f830a74a01ccbf10a45786\"\u003e\u003ccode\u003ec9edba3\u003c/code\u003e\u003c/a\u003e Docs: strengthen Snippets warning and add security considerations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/6d92b6878f8d55fd8843a58dd6634cfdfb6df722\"\u003e\u003ccode\u003e6d92b68\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/baeca0e10c5beca4d81fe782058f24b7eb9bf5ff\"\u003e\u003ccode\u003ebaeca0e\u003c/code\u003e\u003c/a\u003e Docs: update JS deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.16.1...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.0.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.4.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytorch-lightning` from 2.4.0 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/releases\"\u003epytorch-lightning's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLightning v2.6.1\u003c/h2\u003e\n\u003ch1\u003eChanges in \u003ccode\u003e2.6.1\u003c/code\u003e\u003c/h1\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003ePyTorch Lightning\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eAdded method chaining support to \u003ccode\u003eLightningModule.freeze()\u003c/code\u003e and \u003ccode\u003eLightningModule.unfreeze()\u003c/code\u003e by returning \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21469\"\u003e#21469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded litlogger integration(\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21430\"\u003e#21430\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecated \u003ccode\u003eto_torchscript\u003c/code\u003e method due to deprecation of TorchScript in PyTorch (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21397\"\u003e#21397\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved support for Python 3.9 due to end-of-life status (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21398\"\u003e#21398\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esave_hyperparameters(ignore=...)\u003c/code\u003e behavior so subclass ignore rules override base class rules (#\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21490\"\u003e21490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLightningDataModule.load_from_checkpoint\u003c/code\u003e to restore the datamodule subclass and hyperparameters (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21478\"\u003e#21478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eModelParallelStrategy\u003c/code\u003e single-file checkpointing when \u003ccode\u003etorch.compile\u003c/code\u003e wraps the model so optimizer states no longer raise \u003ccode\u003eKeyError\u003c/code\u003e during save (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21357\"\u003e#21357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSanitize profiler filenames when saving to avoid crashes due to invalid characters (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21395\"\u003e#21395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eStochasticWeightAveraging\u003c/code\u003e with infinite epochs (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21396\"\u003e#21396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e_generate_seed_sequence_sampling\u003c/code\u003e function not producing unique seeds (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21399\"\u003e#21399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eThroughputMonitor\u003c/code\u003e callback emitting warnings too frequently (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21453\"\u003e#21453\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eLightning Fabric\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eExposed \u003ccode\u003eweights_only\u003c/code\u003e argument for loading checkpoints in \u003ccode\u003eFabric.load()\u003c/code\u003e and \u003ccode\u003eFabric.load_raw()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21470\"\u003e#21470\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDistributedSamplerWrapper\u003c/code\u003e not forwarding \u003ccode\u003eset_epoch\u003c/code\u003e to the underlying sampler (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21454\"\u003e#21454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DDP notebook CUDA fork check to allow passive initialization when CUDA is not actively used (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21402\"\u003e#21402\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/655a3a91828694b9bfc241177f474741e483aeaa\"\u003e\u003ccode\u003e655a3a9\u003c/code\u003e\u003c/a\u003e bump(deps): bump \u003ccode\u003elitlogger\u003c/code\u003e version to \u003ccode\u003e\u0026gt;=0.1.7\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21517\"\u003e#21517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/300c05a96bdb9a355e53160c695e69bb25bfa965\"\u003e\u003ccode\u003e300c05a\u003c/code\u003e\u003c/a\u003e Prepare release 2.6.1 (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21516\"\u003e#21516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/dc16bc56ff66ea321f90d4aec69a41c7c0bb82e4\"\u003e\u003ccode\u003edc16bc5\u003c/code\u003e\u003c/a\u003e build(deps): update setuptools requirement from \u0026lt;80.9.1 to \u0026lt;80.10.3 in /requi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/6ee3800a120937d27cf774e57d2d28986062999e\"\u003e\u003ccode\u003e6ee3800\u003c/code\u003e\u003c/a\u003e build(deps): update torchvision requirement from \u0026lt;0.25.0,\u0026gt;=0.16.0 to \u0026gt;=0.16.0...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/6478f8ec9cd3d4f524d73ad0df070d0a566ee9a3\"\u003e\u003ccode\u003e6478f8e\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003esave_hyperparameters\u003c/code\u003e ignore precedence in subclasses (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21490\"\u003e#21490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/2712587858c8f89e9dfbfe10cb919340acdb9c8c\"\u003e\u003ccode\u003e2712587\u003c/code\u003e\u003c/a\u003e CI: fix doctest failure from PyTorch LeafSpec FutureWarning (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21502\"\u003e#21502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/ae1dc6f0eb9ce3229532b4de7f1036630ae7e2f1\"\u003e\u003ccode\u003eae1dc6f\u003c/code\u003e\u003c/a\u003e fix(link-check): resolve broken URLs (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21493\"\u003e#21493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/f0b1c5274552b607d7a4b22216deaf910ffc2aba\"\u003e\u003ccode\u003ef0b1c52\u003c/code\u003e\u003c/a\u003e fix(fabric): forward set_epoch to underlying sampler in DistributedSamplerWra...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/bddc25309b77a5100c86105354108ec3abe89711\"\u003e\u003ccode\u003ebddc253\u003c/code\u003e\u003c/a\u003e Fix warning frequency in throughput monitor callback (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21453\"\u003e#21453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/2f4b58a84aca372b92091fb8463a3f76d741b825\"\u003e\u003ccode\u003e2f4b58a\u003c/code\u003e\u003c/a\u003e build(deps): update numpy requirement from \u0026lt;2.3.5,\u0026gt;2.1.0 to \u0026gt;2.1.0,\u0026lt;2.4.2 in ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/compare/2.4.0...2.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://re...\n\n_Description has been truncated_","html_url":"https://github.com/materialsproject/emmet/pull/1461","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/materialsproject%2Femmet/issues/1461","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1461/packages"},{"uuid":"4481265169","node_id":"PR_kwDOMXNO-87dQ8Rf","number":7501,"state":"closed","title":"Bump the uv group across 17 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T22:20:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T21:41:49.000Z","updated_at":"2026-05-19T22:20:50.000Z","time_to_close":2339,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":3,"packages":[{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/markdown-broken-link-checker directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 2 updates in the /crates/tensorzero-core/fixtures/deployment/sagemaker-ollama directory: [idna](https://github.com/kjd/idna) and [paramiko](https://github.com/paramiko/paramiko).\nBumps the uv group with 1 update in the /crates/tensorzero-core/fixtures/deployment/sagemaker-tgi directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/babyai directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/gateway/call-llms-with-image-and-file-inputs directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/operations/track-usage-and-cost directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/dynamic-in-context-learning-dicl directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/gepa directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/supervised-fine-tuning-sft directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/azure directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/openai directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/openai-compatible-ollama directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/tool-use directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 2 updates in the /examples/integrations/langgraph directory: [idna](https://github.com/kjd/idna) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).\nBumps the uv group with 1 update in the /examples/mcp-model-context-protocol directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/multimodal-vision-finetuning directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/optimization/dicl directory: [idna](https://github.com/kjd/idna).\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli...\n\n_Description has been truncated_","html_url":"https://github.com/tensorzero/tensorzero/pull/7501","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorzero%2Ftensorzero/issues/7501","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7501/packages"},{"uuid":"4481035747","node_id":"PR_kwDONhLw9c7dQL5A","number":185,"state":"open","title":"Bump the uv group across 12 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:04:35.000Z","updated_at":"2026-06-01T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":9,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"banks","old_version":"2.3.0","new_version":"2.4.2","repository_url":"https://github.com/masci/banks"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /backend directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /platform-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /prompt-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /runner directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 3 updates in the /tool-sidecar directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 7 updates in the /unstract/connectors directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.3.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.1` | `5.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/filesystem directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/sdk1 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.4` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/tool-registry directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 6 updates in the /unstract/workflow-execution directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.4.1` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n\nBumps the uv group with 1 update in the /workers directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /x2text-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/unstract/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Funstract/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"},{"uuid":"4459256565","node_id":"PR_kwDORSvhlc7cLiiL","number":1,"state":"open","title":"Bump the pip group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T08:28:01.000Z","updated_at":"2026-05-16T08:28:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":11,"packages":[{"name":"fastmcp","old_version":"2.13.1","new_version":"3.2.0","repository_url":"https://github.com/PrefectHQ/fastmcp"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"simpleeval","old_version":"1.0.3","new_version":"1.0.5","repository_url":"https://github.com/danthedeckie/simpleeval"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-community","old_version":"0.3.19","new_version":"0.3.27","repository_url":"https://github.com/langchain-ai/langchain-community"},{"name":"lxml-html-clean","old_version":"0.3.1","new_version":"0.4.4","repository_url":"https://github.com/fedora-python/lxml_html_clean"},{"name":"mcp","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"paramiko","old_version":"3.5.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pypdf","old_version":"6.0.0","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"python-dotenv","old_version":"1.1.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"unstructured","old_version":"0.16.23","new_version":"0.18.18","repository_url":"https://github.com/Unstructured-IO/unstructured"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.13.1` | `3.2.0` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [simpleeval](https://github.com/danthedeckie/simpleeval) | `1.0.3` | `1.0.5` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.19` | `0.3.27` |\n| [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) | `0.3.1` | `0.4.4` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.22.0` | `1.23.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.0` | `5.0.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.0.0` | `6.10.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [unstructured](https://github.com/Unstructured-IO/unstructured) | `0.16.23` | `0.18.18` |\n\n\nUpdates `fastmcp` from 2.13.1 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases\"\u003efastmcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0: Show Don't Tool\u003c/h2\u003e\n\u003cp\u003eFastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.\u003c/p\u003e\n\u003ch2\u003eFastMCPApp\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eFastMCPApp\u003c/code\u003e is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (\u003ccode\u003e@app.ui()\u003c/code\u003e) from the backend tools the UI calls (\u003ccode\u003e@app.tool()\u003c/code\u003e), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003efrom fastmcp import FastMCP, FastMCPApp\nfrom prefab_ui.actions.mcp import CallTool\nfrom prefab_ui.components import Column, Form, Input, Button, ForEach, Text\n\u003cp\u003eapp = FastMCPApp(\u0026quot;Contacts\u0026quot;)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.tool()\ndef save_contact(name: str, email: str) -\u0026gt; list[dict]:\ndb.append({\u0026quot;name\u0026quot;: name, \u0026quot;email\u0026quot;: email})\nreturn list(db)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.ui()\ndef contact_manager() -\u0026gt; PrefabApp:\nwith PrefabApp(state={\u0026quot;contacts\u0026quot;: list(db)}) as view:\nwith Column(gap=4):\nForEach(\u0026quot;contacts\u0026quot;, lambda c: Text(c.name))\nwith Form(on_submit=CallTool(\u0026quot;save_contact\u0026quot;)):\nInput(name=\u0026quot;name\u0026quot;, required=True)\nInput(name=\u0026quot;email\u0026quot;, required=True)\nButton(\u0026quot;Save\u0026quot;)\nreturn view\u003c/p\u003e\n\u003cp\u003emcp = FastMCP(\u0026quot;Server\u0026quot;, providers=[app])\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe UI is built with \u003ca href=\"https://prefab.prefect.io\"\u003ePrefab\u003c/a\u003e, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.\u003c/p\u003e\n\u003cp\u003eFor simpler cases where you just want to visualize data without server interaction, set \u003ccode\u003eapp=True\u003c/code\u003e on any tool and return Prefab components directly:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e@mcp.tool(app=True)\ndef revenue_chart(year: int) -\u0026gt; PrefabApp:\n    with PrefabApp() as app:\n        BarChart(data=revenue_data, series=[ChartSeries(data_key=\u0026quot;revenue\u0026quot;)])\n    return app\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBuilt-in Providers\u003c/h2\u003e\n\u003cp\u003eFive ready-made providers you add with a single \u003ccode\u003eadd_provider()\u003c/code\u003e call:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFileUpload\u003c/strong\u003e — drag-and-drop file upload with session-scoped storage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx\"\u003efastmcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003etitle: \u0026quot;Changelog\u0026quot;\nicon: \u0026quot;list-check\u0026quot;\nrss: true\ntag: NEW\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.1.1\"\u003ev3.1.1: 'Tis But a Patch\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePins \u003ccode\u003epydantic-monty\u003c/code\u003e below 0.0.8 to fix a breaking change in Monty that affects code mode. Monty 0.0.8 removed the \u003ccode\u003eexternal_functions\u003c/code\u003e constructor parameter, causing \u003ccode\u003eMontySandboxProvider\u003c/code\u003e to fail. This patch caps the version so existing installs work correctly.\u003c/p\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin pydantic-monty below 0.0.8 to fix code mode by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3497\"\u003e#3497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v3.1.0...v3.1.1\"\u003ev3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.1.0\"\u003ev3.1.0: Code to Joy\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer — 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist.\u003c/p\u003e\n\u003ch3\u003eNew Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Search transforms for tool discovery by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3154\"\u003e#3154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd experimental CodeMode transform by \u003ca href=\"https://github.com/aaazzam\"\u003e\u003ccode\u003e@​aaazzam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3297\"\u003e#3297\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Prefab Apps integration for MCP tool UIs by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3316\"\u003e#3316\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLazy-load heavy imports to reduce import time by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3295\"\u003e#3295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd http_client parameter to all token verifiers for connection pooling by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3300\"\u003e#3300\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd in-memory caching for token introspection results by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3298\"\u003e#3298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SessionStart hook to install gh CLI in cloud sessions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3308\"\u003e#3308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix ty 0.0.19 type errors by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3310\"\u003e#3310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCode Mode: Add resource limits to MontySandboxProvider by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3326\"\u003e#3326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept transforms as FastMCP init kwarg by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit large test files to comply with loq line limit by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd -m/--module flag to \u003ccode\u003efastmcp run\u003c/code\u003e and \u003ccode\u003edev inspector\u003c/code\u003e by \u003ca href=\"https://github.com/dgenio\"\u003e\u003ccode\u003e@​dgenio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3331\"\u003e#3331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd search_result_serializer hook and serialize_tools_for_output_markdown by \u003ca href=\"https://github.com/MagnusS0\"\u003e\u003ccode\u003e@​MagnusS0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3337\"\u003e#3337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MultiAuth for composing multiple token verification sources by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3335\"\u003e#3335\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds PropelAuth as an AuthProvider by \u003ca href=\"https://github.com/andrew-propelauth\"\u003e\u003ccode\u003e@​andrew-propelauth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3358\"\u003e#3358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace vendored DI with uncalled-for by \u003ca href=\"https://github.com/chrisguidry\"\u003e\u003ccode\u003e@​chrisguidry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3301\"\u003e#3301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecompose CodeMode into composable discovery tools by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(contrib): auto-sync MCPMixin decorators with from_function signatures by \u003ca href=\"https://github.com/AnkeshThakur\"\u003e\u003ccode\u003e@​AnkeshThakur\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3323\"\u003e#3323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Google GenAI Sampling Handler by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ListTools, search limit, and catalog size annotation to CodeMode by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3359\"\u003e#3359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow configuring FastMCP transport setting in the same way as other configuration by \u003ca href=\"https://github.com/jvdmr\"\u003e\u003ccode\u003e@​jvdmr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/1796\"\u003e#1796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd include_unversioned option to VersionFilter by \u003ca href=\"https://github.com/yangbaechu\"\u003e\u003ccode\u003e@​yangbaechu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/665514e19a78543709be85b4261153bbe98e882f\"\u003e\u003ccode\u003e665514e\u003c/code\u003e\u003c/a\u003e Add forward_resource flag to OAuthProxy (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3711\"\u003e#3711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f189d1f7fbfd55c9f68c750a3a293e31c7586e8b\"\u003e\u003ccode\u003ef189d1f\u003c/code\u003e\u003c/a\u003e Bump pydantic-monty to 0.0.9 (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3707\"\u003e#3707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/6faa2d61f82eab670694965606fd7b14bedddc7f\"\u003e\u003ccode\u003e6faa2d6\u003c/code\u003e\u003c/a\u003e Remove hardcoded prefab-ui version from pinning warnings (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3708\"\u003e#3708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/dd8816c6ccc733048fe6208bfc8f80ded505f993\"\u003e\u003ccode\u003edd8816c\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3701\"\u003e#3701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/d27495960af23969f11d6e1e44e2018529c1c37e\"\u003e\u003ccode\u003ed274959\u003c/code\u003e\u003c/a\u003e docs: note that custom routes are unauthenticated (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3706\"\u003e#3706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/4a54be2d5f1ac8925a461e67cf993e0278729d4d\"\u003e\u003ccode\u003e4a54be2\u003c/code\u003e\u003c/a\u003e Add examples gallery page (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3705\"\u003e#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/961dd5045611e9c1bd6b7c4f5ac3aa14f0a30ce7\"\u003e\u003ccode\u003e961dd50\u003c/code\u003e\u003c/a\u003e Add interactive map example with geocoding (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f01d0c581c7a821a9701d6dde4d9beb95e32d479\"\u003e\u003ccode\u003ef01d0c5\u003c/code\u003e\u003c/a\u003e Add quiz example app, fix dev server empty string args (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3700\"\u003e#3700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/85b7efd74601a72c74ac68e23599de6c032bb9c4\"\u003e\u003ccode\u003e85b7efd\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/27abe3c3f0cc2ce1925cc3cbc7968d5637ebc82b\"\u003e\u003ccode\u003e27abe3c\u003c/code\u003e\u003c/a\u003e Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v2.13.1...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simpleeval` from 1.0.3 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/danthedeckie/simpleeval/releases\"\u003esimpleeval's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.5\u003c/h2\u003e\n\u003cp\u003eFixes Security issues with \u0026quot;dangerous\u0026quot; modules \u0026amp; functions leaking through as attributes of other names, see:\u003c/p\u003e\n\u003cp\u003eFixes CVE-2026-32640\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg\"\u003ehttps://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBreaking Change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eModules \u0026amp; Submodules now are not directly usable as names or as attributes of other items, if you still need this functionality, then use the new \u003ccode\u003eModuleWrapper\u003c/code\u003e, or subclass SimpleEval to bypass it.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/a4659fad8f3fb855acaf7667b2a48ff9f5576b5d\"\u003e\u003ccode\u003ea4659fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/danthedeckie/simpleeval/issues/171\"\u003e#171\u003c/a\u003e from danthedeckie/remove-module-access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/7c9180c52d1fcfea468ae42cf9495d8f055a2940\"\u003e\u003ccode\u003e7c9180c\u003c/code\u003e\u003c/a\u003e version number bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/cffa9f68cee54404a2ef43d949a8ae8a3311c503\"\u003e\u003ccode\u003ecffa9f6\u003c/code\u003e\u003c/a\u003e Much stricter lockdown via _check_disallowed_items plus adding ModuleWrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/4e7f4b81e6d32fd2c24dd5cfa2977d725e11162d\"\u003e\u003ccode\u003e4e7f4b8\u003c/code\u003e\u003c/a\u003e Add ByamB4 to contributors list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/1654cbf0219345f707c79664b8657be6b8d23e33\"\u003e\u003ccode\u003e1654cbf\u003c/code\u003e\u003c/a\u003e Disallow module access \u0026amp; disallowed function access via attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/9cb4a7b99498c173263bd90f77bc185e160fb6b8\"\u003e\u003ccode\u003e9cb4a7b\u003c/code\u003e\u003c/a\u003e Add a few additional DISALLOW_FUNCTIONS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/0425898b23abb3f1a9ed56dbb0bb4244d6350f2f\"\u003e\u003ccode\u003e0425898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/danthedeckie/simpleeval/issues/169\"\u003e#169\u003c/a\u003e from danthedeckie/update-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/618bcf4b2cb322aefc76735bf091739c8148a19e\"\u003e\u003ccode\u003e618bcf4\u003c/code\u003e\u003c/a\u003e update build tools / config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/88289434c3f88df4646ce37fc67a3ef9158917d6\"\u003e\u003ccode\u003e8828943\u003c/code\u003e\u003c/a\u003e bump version, and update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/97570fe4659bbafdf49d9407dc4423f3c7f0f235\"\u003e\u003ccode\u003e97570fe\u003c/code\u003e\u003c/a\u003e lint string joining fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/danthedeckie/simpleeval/compare/1.0.3...1.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-community` from 0.3.19 to 0.3.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-community/releases\"\u003elangchain-community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elibs/community/v0.3.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecommunity[patch]: verify ssl by default in RecursiveUrlLoader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/136\"\u003elangchain-ai/langchain-community#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Change JSON loader to be able to handle UTF-8-BOM files by \u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWriteFileTool should create not existent parent dirs in file_path by \u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:zap: fix: update OpenAI model cost values for accuracy by \u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: Prevent XXE in evernote loader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/139\"\u003elangchain-ai/langchain-community#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease 0.3.27 by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/143\"\u003elangchain-ai/langchain-community#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[USearch]: Intializations of ids in case self.ids is None by \u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: drop langsmith upper bound and release 0.3.26 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/127\"\u003elangchain-ai/langchain-community#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: replace invalid scenexplain algorithm by \u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einfra: specify pyopenssl in extended test deps by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/80\"\u003elangchain-ai/langchain-community#80\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: deprecate Tavily tools in favor of langchain-tavily implementation by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/79\"\u003elangchain-ai/langchain-community#79\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecating hugging face implementation in langchain_community by \u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evectorstores[azure_search]: fix regression in 0.3.24  by \u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: Add cost data for aws bedrock claude 4 series models by \u003ca href=\"https://github.com/AsifMehmood97\"\u003e\u003ccode\u003e@​AsifMehmood97\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/83\"\u003elangchain-ai/langchain-community#83\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove no-untyped-def escapes by \u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add search endpoint for Firecrawl Integration by \u003ca href=\"https://github.com/ftonato\"\u003e\u003ccode\u003e@​ftonato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/87\"\u003elangchain-ai/langchain-community#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: ssl verification should be enabled by default everywhere by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/75\"\u003elangchain-ai/langchain-community#75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle image of size 0 bytes in PyPDFParser by \u003ca href=\"https://github.com/soucosmo\"\u003e\u003ccode\u003e@​soucosmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/84\"\u003elangchain-ai/langchain-community#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add depandabot config by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/90\"\u003elangchain-ai/langchain-community#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHarden Azure ML url validation by \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/88\"\u003elangchain-ai/langchain-community#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update readme by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/95\"\u003elangchain-ai/langchain-community#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epatch: sanitize file extension in HuggingFaceTextToSpeechModelInference by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/101\"\u003elangchain-ai/langchain-community#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: telegram multiformat by \u003ca href=\"https://github.com/jerryyf\"\u003e\u003ccode\u003e@​jerryyf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/89\"\u003elangchain-ai/langchain-community#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: release 0.3.25 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/86\"\u003elangchain-ai/langchain-community#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchain-community/commits/libs/community/v0.3.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml-html-clean` from 0.3.1 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst\"\u003elxml-html-clean's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.4.4 (2026-02-26)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where Unicode escapes in CSS were not properly decoded\nbefore security checks. This prevents attackers from bypassing filters\nusing escape sequences. (CVE-2026-28348)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tags could be used for URL\nhijacking attacks. The \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tag is now automatically removed\nwhenever the \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e tag is removed (via \u003ccode\u003epage_structure=True\u003c/code\u003e\nor manual configuration), as \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e must be inside \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e\naccording to HTML specifications. (CVE-2026-28350)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.3 (2025-10-02)\u003c/h1\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTests updated to work correctly with new lxml and libxml2 releases.\u003c/li\u003e\n\u003cli\u003ePython 3.6 and 3.7 are no longer tested.\u003c/li\u003e\n\u003cli\u003eImproved documentation about CSS removal behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.2 (2025-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elxml_html_clean\u003c/code\u003e now correctly handles HTML input as bytes\nas it did before the 0.2.0 release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.1 (2024-11-15)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved superfluous debug prints.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.0 (2024-11-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eCleaner()\u003c/code\u003e now scans for hidden JavaScript code embedded\nwithin CSS comments. In certain contexts, such as within \u003ccode\u003e\u0026lt;svg\u0026gt;\u003c/code\u003e or \u003ccode\u003e\u0026lt;math\u0026gt;\u003c/code\u003e tags,\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fd10d79cf8a4d4a962e139aee6d02dec02b2de7c\"\u003e\u003ccode\u003efd10d79\u003c/code\u003e\u003c/a\u003e Add more tests for different combinations of backslashes and unicode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/5b7e2288d9e5bda81d1fcf6a4feaed362534899e\"\u003e\u003ccode\u003e5b7e228\u003c/code\u003e\u003c/a\u003e Restore the removal of all backslashes from styles after decoding of unicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/88da8f9e679190ae06f1238106dd9fbd1d87bfbb\"\u003e\u003ccode\u003e88da8f9\u003c/code\u003e\u003c/a\u003e Prepare release 0.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\"\u003e\u003ccode\u003e9c5612c\u003c/code\u003e\u003c/a\u003e Remove \u0026lt;base\u0026gt; tags to prevent URL hijacking attacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b\"\u003e\u003ccode\u003e2ef7326\u003c/code\u003e\u003c/a\u003e Implement unicode escape decoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/7c854afd949ff82cc6e81a666962e07b739706cf\"\u003e\u003ccode\u003e7c854af\u003c/code\u003e\u003c/a\u003e Add missing Python 3.14 to classifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/80cebf7156449bd48d2d6106a70c7442874fa1f9\"\u003e\u003ccode\u003e80cebf7\u003c/code\u003e\u003c/a\u003e Continue using the package link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/1cef82e0647549b901452f45396ded8e6b2bceab\"\u003e\u003ccode\u003e1cef82e\u003c/code\u003e\u003c/a\u003e Update safe sanitizer recommendation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/79f35f4b7542bf87286b45764a7b0bdf6830bb36\"\u003e\u003ccode\u003e79f35f4\u003c/code\u003e\u003c/a\u003e CI: Drop Python 3.8, add 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fab1dd4a23cbad1cdd4f2cebd2d6cae1130565bd\"\u003e\u003ccode\u003efab1dd4\u003c/code\u003e\u003c/a\u003e Release 0.4.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/compare/0.3.1...0.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.5.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.0.0 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/cod...\n\n_Description has been truncated_","html_url":"https://github.com/adrianwedd/agent-zero/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrianwedd%2Fagent-zero/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4435808055","node_id":"PR_kwDOPH0zDM7bAf0s","number":44,"state":"open","title":"chore(deps): bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T07:26:16.000Z","updated_at":"2026-05-13T07:27:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/imShakil/pacli/pull/44","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/imShakil%2Fpacli/issues/44","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/44/packages"},{"uuid":"4426287980","node_id":"PR_kwDORUQzts7ahpIl","number":77,"state":"open","title":"chore(deps): update paramiko requirement from \u003e=4.0 to \u003e=5.0.0","user":"dependabot[bot]","labels":["security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T04:49:12.000Z","updated_at":"2026-05-12T04:49:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"paramiko","old_version":"\u003e=4.0","new_version":"\u003e=5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [paramiko](https://github.com/paramiko/paramiko) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ToastyToast25/sims4-updater/pull/77","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToastyToast25%2Fsims4-updater/issues/77","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/77/packages"},{"uuid":"4425477399","node_id":"PR_kwDOLUZHI87afD1j","number":474,"state":"open","title":"Bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["python","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T01:27:21.000Z","updated_at":"2026-05-12T01:28:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/edwardtheharris/dotfiles/pull/474","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/edwardtheharris%2Fdotfiles/issues/474","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/474/packages"},{"uuid":"4425200543","node_id":"PR_kwDODfw7tM7aeK-n","number":6076,"state":"open","title":"build(deps): bump the uv group across 6 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","authorized","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T00:12:01.000Z","updated_at":"2026-06-14T19:34:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":6,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pip","old_version":"26.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the uv group with 1 update in the /docker/base/v1 directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /docker/base/v2 directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 4 updates in the /docker/pytorch/cpu directory: [urllib3](https://github.com/urllib3/urllib3), [paramiko](https://github.com/paramiko/paramiko), [pip](https://github.com/pypa/pip) and [python-multipart](https://github.com/Kludex/python-multipart).\nBumps the uv group with 5 updates in the /docker/pytorch/cuda directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n\nBumps the uv group with 1 update in the /docker/ray directory: [pip](https://github.com/pypa/pip).\nBumps the uv group with 4 updates in the /docker/xgboost directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [paramiko](https://github.com/paramiko/paramiko) and [protobuf](https://github.com/protocolbuffers/protobuf).\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f2...\n\n_Description has been truncated_","html_url":"https://github.com/aws/deep-learning-containers/pull/6076","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Fdeep-learning-containers/issues/6076","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6076/packages"},{"uuid":"4424853266","node_id":"PR_kwDOAjzavs7adCSF","number":5450,"state":"open","title":"Build(deps): Bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T22:53:10.000Z","updated_at":"2026-05-11T23:00:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Netflix/lemur/pull/5450","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Flemur/issues/5450","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5450/packages"},{"uuid":"4424633934","node_id":"PR_kwDOCZ34ec7acVt1","number":44362,"state":"closed","title":"Bump paramiko from 4.0.0 to 5.0.0 in /docker/tidy","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-13T05:12:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T22:08:20.000Z","updated_at":"2026-05-13T05:12:48.000Z","time_to_close":111866,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/docker/tidy","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/demisto/dockerfiles/pull/44362","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/demisto%2Fdockerfiles/issues/44362","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/44362/packages"},{"uuid":"4423382488","node_id":"PR_kwDORWyoVM7aYO48","number":47,"state":"closed","title":"Bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T08:11:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T18:43:36.000Z","updated_at":"2026-05-21T08:11:28.000Z","time_to_close":826062,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":2,"packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the /gitlab directory: [paramiko](https://github.com/paramiko/paramiko) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pamosima/netops-stack/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pamosima/netops-stack/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pamosima%2Fnetops-stack/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4416469988","node_id":"PR_kwDOSGfDCM7aB_0h","number":120,"state":"open","title":"chore(deps): bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["Review effort 1/5"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T18:34:32.000Z","updated_at":"2026-05-10T18:36:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"### **User description**\nBumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\n___\n\n### **PR Type**\nOther\n\n\n___\n\n### **Description**\n- paramiko 4.0.0에서 5.0.0으로 메이저 버전 업데이트\n\n- `collector/requirements.txt` 프로덕션 의존성 버전 변경\n\n\n___\n\n\n\n\u003cdetails\u003e \u003csummary\u003e\u003ch3\u003e File Walkthrough\u003c/h3\u003e\u003c/summary\u003e\n\n\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003e\u003c/th\u003e\u003cth align=\"left\"\u003eRelevant files\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eDependencies\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003ctable\u003e\n\u003ctr\u003e\n  \u003ctd\u003e\n    \u003cdetails\u003e\n      \u003csummary\u003e\u003cstrong\u003erequirements.txt\u003c/strong\u003e\u003cdd\u003e\u003ccode\u003eparamiko 의존성 메이저 버전 5.0.0으로 업데이트\u003c/code\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/dd\u003e\u003c/summary\u003e\n\u003chr\u003e\n\ncollector/requirements.txt\n\n\u003cul\u003e\u003cli\u003eFortiGate SSH 연결용 paramiko 라이브러리 버전을 4.0.0에서 5.0.0으로 상향 조정\u003cbr\u003e \u003cli\u003e 프로덕션 의존성의 메이저 버전 업그레이드 반영\u003c/ul\u003e\n\n\n\u003c/details\u003e\n\n\n  \u003c/td\u003e\n  \u003ctd\u003e\u003ca href=\"https://github.com/jclee941/blacklist/pull/120/files#diff-b5b1d8398b9269ce1fc6b75ffaeca45070b31ff0f8b6424f77a34f3e37d6b7a6\"\u003e+1/-1\u003c/a\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/td\u003e\n\n\u003c/tr\u003e\n\u003c/table\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003c/details\u003e\n\n___\n\n","html_url":"https://github.com/jclee941/blacklist/pull/120","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jclee941%2Fblacklist/issues/120","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/120/packages"},{"uuid":"4414336626","node_id":"PR_kwDOSZGdxc7Z7rEM","number":11,"state":"closed","title":"build(deps): bump the pip group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-10T20:08:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-10T01:43:36.000Z","updated_at":"2026-05-10T20:09:07.000Z","time_to_close":66322,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":7,"packages":[{"name":"pytest","old_version":"7.4.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pymysql","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"pillow","old_version":"10.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"paramiko","old_version":"3.4.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"scikit-learn","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 7 updates in the /04-配置文件 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.3` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.0` | `1.1.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.0` | `1.2.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `10.1.0` | `12.2.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.4.0` | `1.5.0` |\n\n\nUpdates `pytest` from 7.4.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymysql` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/releases\"\u003epymysql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis release fixes a vulnerability (CVE-2024-36039).\nAll users are recommended to update to this version.\u003c/p\u003e\n\u003cp\u003eIf you can not update soon, check the input value from untrusted source has an expected type.\nOnly dict input from untrusted source can be an attack vector.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit dict parameter for \u003ccode\u003eCursor.execute()\u003c/code\u003e. It didn't produce valid SQL\nand might cause SQL injection. (CVE-2024-36039)\u003c/li\u003e\n\u003cli\u003eAdded ssl_key_password param by \u003ca href=\"https://github.com/svaskov\"\u003e\u003ccode\u003e@​svaskov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1145\"\u003ePyMySQL/PyMySQL#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMerged PRs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12 by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1134\"\u003ePyMySQL/PyMySQL#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1136\"\u003ePyMySQL/PyMySQL#1136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate codecov/codecov-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1137\"\u003ePyMySQL/PyMySQL#1137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use codecov@v3 by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1142\"\u003ePyMySQL/PyMySQL#1142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dessant/lock-threads action to v5 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1141\"\u003ePyMySQL/PyMySQL#1141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: use rtd theme by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1143\"\u003ePyMySQL/PyMySQL#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse Ruff as formatter by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1144\"\u003ePyMySQL/PyMySQL#1144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency sphinx-rtd-theme to v2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1147\"\u003ePyMySQL/PyMySQL#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-python action to v5 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1152\"\u003ePyMySQL/PyMySQL#1152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1154\"\u003ePyMySQL/PyMySQL#1154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update codecov/codecov-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1158\"\u003ePyMySQL/PyMySQL#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport error packet without sqlstate by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1160\"\u003ePyMySQL/PyMySQL#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest json - mariadb without JSON type by \u003ca href=\"https://github.com/grooverdan\"\u003e\u003ccode\u003e@​grooverdan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1165\"\u003ePyMySQL/PyMySQL#1165\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1134\"\u003ePyMySQL/PyMySQL#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/svaskov\"\u003e\u003ccode\u003e@​svaskov\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1145\"\u003ePyMySQL/PyMySQL#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md\"\u003epymysql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003cp\u003eRelease date: 2024-05-21\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis release fixes a vulnerability (CVE-2024-36039).\nAll users are recommended to update to this version.\u003c/p\u003e\n\u003cp\u003eIf you can not update soon, check the input value from\nuntrusted source has an expected type. Only dict input\nfrom untrusted source can be an attack vector.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit dict parameter for \u003ccode\u003eCursor.execute()\u003c/code\u003e. It didn't produce valid SQL\nand might cause SQL injection. (CVE-2024-36039)\u003c/li\u003e\n\u003cli\u003eAdded ssl_key_password param. \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1145\"\u003e#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/2cab9ecc641e962565c6254a5091f90c47f59b35\"\u003e\u003ccode\u003e2cab9ec\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c\"\u003e\u003ccode\u003e521e400\u003c/code\u003e\u003c/a\u003e forbid dict parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/7f032a699d55340f05101deb4d7d4f63db4adc11\"\u003e\u003ccode\u003e7f032a6\u003c/code\u003e\u003c/a\u003e remove coveralls from requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/69f6c7439bee14784e0ea70ae107af6446cc0c67\"\u003e\u003ccode\u003e69f6c74\u003c/code\u003e\u003c/a\u003e ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/b4ed6884a1105df0a27f948f52b3e81d5585634f\"\u003e\u003ccode\u003eb4ed688\u003c/code\u003e\u003c/a\u003e test json - mariadb without JSON type (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1165\"\u003e#1165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/bbd049f40db9c696574ce6f31669880042c56d79\"\u003e\u003ccode\u003ebbd049f\u003c/code\u003e\u003c/a\u003e Support error packet without sqlstate (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1160\"\u003e#1160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/9694747ae619e88b792a8e0b4c08036572452584\"\u003e\u003ccode\u003e9694747\u003c/code\u003e\u003c/a\u003e pyupgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/1f0b7856de4008e7e4c1e8c1b215d5d4dfaecd1a\"\u003e\u003ccode\u003e1f0b785\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v4 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1158\"\u003e#1158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/1e28be81c24dde66f8acbf4c5e24f60d6b5e72e7\"\u003e\u003ccode\u003e1e28be8\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v3 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/f13f054abcc18b39855a760a84be0a517f0da658\"\u003e\u003ccode\u003ef13f054\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-python action to v5 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 10.1.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/10.1.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.4.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.4.0...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Wool-xing/Test-Agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Wool-xing/Test-Agent/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wool-xing%2FTest-Agent/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4411019671","node_id":"PR_kwDOKqBlQc7ZxYdM","number":344,"state":"open","title":"chore(deps-dev): bump paramiko from 3.5.1 to 4.0.0 in /plugins/evidence","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T04:01:43.000Z","updated_at":"2026-05-09T04:03:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"paramiko","old_version":"3.5.1","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/plugins/evidence","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 3.5.1 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.1...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=3.5.1\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CybercentreCanada/howler/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CybercentreCanada/howler/pull/344","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fhowler/issues/344","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/344/packages"},{"uuid":"4410470248","node_id":"PR_kwDOAWv0gc7Zvkxf","number":1381,"state":"open","title":"Bump paramiko from 2.12.0 to 4.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T01:19:37.000Z","updated_at":"2026-05-10T01:20:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.12.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.12.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.12.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.12.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scalyr/scalyr-agent-2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/scalyr/scalyr-agent-2/pull/1381","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/scalyr%2Fscalyr-agent-2/issues/1381","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1381/packages"},{"uuid":"4410416070","node_id":"PR_kwDOA6E0bc7ZvY8V","number":7,"state":"closed","title":"Bump paramiko from 2.8.0 to 4.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-10T12:02:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T01:05:59.000Z","updated_at":"2026-05-10T12:02:45.000Z","time_to_close":125803,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.8.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.8.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.8.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.8.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cloud-bulldozer/browbeat/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cloud-bulldozer/browbeat/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-bulldozer%2Fbrowbeat/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4410042286","node_id":"PR_kwDOQ0lgx87ZuJE1","number":106,"state":"open","title":"Bump paramiko from 2.12.0 to 4.0.0 in /python","user":"dependabot[bot]","labels":["dependencies","python","stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:28:44.000Z","updated_at":"2026-06-06T03:01:19.732Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.12.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/python","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.12.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.12.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.12.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/heygen-com/ray/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/heygen-com/ray/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/heygen-com%2Fray/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"},{"uuid":"4409996780","node_id":"PR_kwDOCDmCAs7Zt_WC","number":34,"state":"closed","title":"Bump paramiko from 1.10.0 to 4.0.0 in /testing/mozharness","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:13:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T23:17:26.000Z","updated_at":"2026-05-09T01:13:22.000Z","time_to_close":6948,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"1.10.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/testing/mozharness","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 1.10.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/1.10.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=1.10.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/roytam1/fx-vc2013/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/roytam1/fx-vc2013/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/roytam1%2Ffx-vc2013/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}],"issue_packages":[{"old_version":"3.5.1","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-29T22:37:46.000Z","version_change":"3.5.1 → 5.0.0","issue":{"uuid":"4552046873","node_id":"PR_kwDOHKRx287g0-Gj","number":551,"state":"open","title":"Bump paramiko from 3.5.1 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T22:37:46.000Z","updated_at":"2026-05-30T01:36:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [paramiko](https://github.com/paramiko/paramiko) from 3.5.1 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.1...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=3.5.1\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/burakince/mlflow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/burakince/mlflow/pull/551","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/burakince%2Fmlflow/issues/551","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/551/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-22T05:26:07.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4500080464","node_id":"PR_kwDOLzxzKM7eNvd4","number":342,"state":"open","title":"chore(deps): bump the dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":["matmair"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T05:26:07.000Z","updated_at":"2026-05-22T05:28:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"dependencies","update_count":45,"packages":[{"name":"bleach","old_version":"4.1.0","new_version":"6.3.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"blessed","old_version":"1.38.0","new_version":"1.39.0","repository_url":"https://github.com/jquast/blessed"},{"name":"boto3","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.96","new_version":"1.43.8","repository_url":"https://github.com/boto/botocore"},{"name":"cryptography","old_version":"47.0.0","new_version":"48.0.0","repository_url":"https://github.com/pyca/cryptography"},{"name":"django","old_version":"5.2.13","new_version":"6.0.5","repository_url":"https://github.com/django/django"},{"name":"django-allauth","old_version":"65.14.3","new_version":"65.16.1","repository_url":"https://github.com/sponsors/pennersr"},{"name":"django-otp","old_version":"1.3.0","new_version":"1.7.0","repository_url":"https://github.com/django-otp/django-otp"},{"name":"django-q2","old_version":"1.9.0","new_version":"1.10.0","repository_url":"https://github.com/GDay/django-q2"},{"name":"dulwich","old_version":"1.2.0","new_version":"1.2.1","repository_url":"https://github.com/dulwich/dulwich"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"googleapis-common-protos","old_version":"1.74.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"gunicorn","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"icalendar","old_version":"7.0.3","new_version":"7.1.0","repository_url":"https://github.com/collective/icalendar"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"importlib-metadata","old_version":"8.7.1","new_version":"9.0.0","repository_url":"https://github.com/python/importlib_metadata"},{"name":"nh3","old_version":"0.3.4","new_version":"0.3.5","repository_url":"https://github.com/messense/nh3"},{"name":"opentelemetry-exporter-otlp-proto-common","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-grpc","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-exporter-otlp-proto-http","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-instrumentation","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-instrumentation-dbapi","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"opentelemetry-proto","old_version":"1.40.0","new_version":"1.41.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-semantic-conventions","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"opentelemetry-util-http","old_version":"0.61b0","new_version":"0.62b1","repository_url":"https://github.com/open-telemetry/opentelemetry-python-contrib"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"protobuf","old_version":"6.33.6","new_version":"7.34.1","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.11.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"s3transfer","old_version":"0.16.1","new_version":"0.17.0","repository_url":"https://github.com/boto/s3transfer"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.60.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wrapt","old_version":"1.17.3","new_version":"2.1.2","repository_url":"https://github.com/GrahamDumpleton/wrapt"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.0","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"django-stubs","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"django-stubs-ext","old_version":"6.0.3","new_version":"6.0.4","repository_url":"https://github.com/typeddjango/django-stubs"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"pip","old_version":"26.1","new_version":"26.1.1","repository_url":"https://github.com/pypa/pip"},{"name":"pytest-codspeed","old_version":"4.4.0","new_version":"5.0.2","repository_url":"https://github.com/CodSpeedHQ/pytest-codspeed"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.3.1","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"ty","old_version":"0.0.1a21","new_version":"0.0.35","repository_url":"https://github.com/astral-sh/ty"},{"name":"types-psycopg2","old_version":"2.9.21.20260422","new_version":"2.9.21.20260509","repository_url":"https://github.com/python/typeshed"},{"name":"types-pyyaml","old_version":"6.0.12.20260408","new_version":"6.0.12.20260510","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.2.4","new_version":"21.3.3","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 45 updates in the /src/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bleach](https://github.com/mozilla/bleach) | `4.1.0` | `6.3.0` |\n| [blessed](https://github.com/jquast/blessed) | `1.38.0` | `1.39.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.96` | `1.43.8` |\n| [botocore](https://github.com/boto/botocore) | `1.42.96` | `1.43.8` |\n| [cryptography](https://github.com/pyca/cryptography) | `47.0.0` | `48.0.0` |\n| [django](https://github.com/django/django) | `5.2.13` | `6.0.5` |\n| [django-allauth](https://github.com/sponsors/pennersr) | `65.14.3` | `65.16.1` |\n| [django-otp](https://github.com/django-otp/django-otp) | `1.3.0` | `1.7.0` |\n| [django-q2](https://github.com/GDay/django-q2) | `1.9.0` | `1.10.0` |\n| [dulwich](https://github.com/dulwich/dulwich) | `1.2.0` | `1.2.1` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.74.0` | `1.75.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.3.0` | `26.0.0` |\n| [icalendar](https://github.com/collective/icalendar) | `7.0.3` | `7.1.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.15` |\n| [importlib-metadata](https://github.com/python/importlib_metadata) | `8.7.1` | `9.0.0` |\n| [nh3](https://github.com/messense/nh3) | `0.3.4` | `0.3.5` |\n| [opentelemetry-exporter-otlp-proto-common](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-grpc](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-exporter-otlp-proto-http](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-instrumentation](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-instrumentation-dbapi](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [opentelemetry-proto](https://github.com/open-telemetry/opentelemetry-python) | `1.40.0` | `1.41.1` |\n| [opentelemetry-semantic-conventions](https://github.com/open-telemetry/opentelemetry-python) | `0.61b0` | `0.62b1` |\n| [opentelemetry-util-http](https://github.com/open-telemetry/opentelemetry-python-contrib) | `0.61b0` | `0.62b1` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.33.6` | `7.34.1` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.11.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.1` | `0.17.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.60.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wrapt](https://github.com/GrahamDumpleton/wrapt) | `1.17.3` | `2.1.2` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.0` |\n| [django-stubs](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [django-stubs-ext](https://github.com/typeddjango/django-stubs) | `6.0.3` | `6.0.4` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [pip](https://github.com/pypa/pip) | `26.1` | `26.1.1` |\n| [pytest-codspeed](https://github.com/CodSpeedHQ/pytest-codspeed) | `4.4.0` | `5.0.2` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.3.1` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.1a21` | `0.0.35` |\n| [types-psycopg2](https://github.com/python/typeshed) | `2.9.21.20260422` | `2.9.21.20260509` |\n| [types-pyyaml](https://github.com/python/typeshed) | `6.0.12.20260408` | `6.0.12.20260510` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.4` | `21.3.3` |\n\n\nUpdates `bleach` from 4.1.0 to 6.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.3.0 (October 27th, 2025)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.14. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix wbr handling. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.2.0 (October 29th, 2024)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.13. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove six depdenncy. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate known-good versions for tinycss2. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix additional \u0026lt; followed by characters and EOF issues. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 6.1.0 (October 6th, 2023)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/709\"\u003e#709\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eNone\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/710\"\u003e#710\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/5546d5dbce60d08ccb99d981778d74044d646d4e\"\u003e\u003ccode\u003e5546d5d\u003c/code\u003e\u003c/a\u003e chore: prep for 6.3.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/88df3ff23fb2a43e174b3fdfe9191ef516de868a\"\u003e\u003ccode\u003e88df3ff\u003c/code\u003e\u003c/a\u003e chore: fix readthedocs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d8b2fb45b2606515c58787c223d6605c6c70868f\"\u003e\u003ccode\u003ed8b2fb4\u003c/code\u003e\u003c/a\u003e fix: fix wbr handling (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/488\"\u003e#488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/55e48cedb20bda23940ab34753a1fb378d5d30b9\"\u003e\u003ccode\u003e55e48ce\u003c/code\u003e\u003c/a\u003e chore: add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/a4d6cddac6e338c3d6f84c755a5fcb32e9e18fba\"\u003e\u003ccode\u003ea4d6cdd\u003c/code\u003e\u003c/a\u003e chore: drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/756\"\u003e#756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/172d92faef543a83c6760c63c32749586cdd564b\"\u003e\u003ccode\u003e172d92f\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5.6.0 to 6.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/df88612f2e9daf8f4ee23cf0e29b712d9d9147b6\"\u003e\u003ccode\u003edf88612\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.2 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cbcf6b18d19aeb7777699f9385013d0a04052b68\"\u003e\u003ccode\u003ecbcf6b1\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.2.3 to 4.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/d9aa7ef592d57dda56e26ba31d06e1b279c58eca\"\u003e\u003ccode\u003ed9aa7ef\u003c/code\u003e\u003c/a\u003e Switch from dependabot reviewers to CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/06f0f76cc68112bda3fa101d1730d5ba914d54a1\"\u003e\u003ccode\u003e06f0f76\u003c/code\u003e\u003c/a\u003e Update setuptools, wheel, and twine for devs\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v4.1.0...v6.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `blessed` from 1.38.0 to 1.39.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/releases\"\u003eblessed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.17.9: Initial support for Python 3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: Now imports on 3.10+\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.15.0: Disable various integration tests, support python 3.7\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003e1.14.0: bugfix term.wrap for text containing newlines\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: term.wrap misbehaved for text containing newlines, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/74\"\u003e#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.13.0: new Terminal.split_seqs() function, speed enhancement\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method \u003ccode\u003eTerminal.split_seqs\u003c/code\u003e introduced, and 4x cost reduction in related sequence-aware functions, \u003ca href=\"https://redirect.github.com/jquast/blessed/issues/29\"\u003e#29\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003edeprecated: function \u003ccode\u003eblessed.sequences.measure_length\u003c/code\u003e superseded by \u003ccode\u003eblessed.sequences.iter_parse\u003c/code\u003e if necessary.\u003c/li\u003e\n\u003cli\u003edeprecated: warnings about \u0026quot;binary-packed capabilities\u0026quot; are no longer emitted on strange terminal types, making best effort.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.12.0: add Terminal.get_location() method\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eenhancement: method Terminal.get_location\u003ccode\u003ereturns the\u003c/code\u003e(row, col)`` position of the cursor at the time of call for attached terminal.\u003c/li\u003e\n\u003cli\u003eenhancement: a keyboard now detected as \u003cem\u003estdin\u003c/em\u003e when \u003ccode\u003estream\u003c/code\u003e is \u003ccode\u003esys.stderr\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquast/blessed/blob/master/docs/history.rst\"\u003eblessed's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e.. py:currentmodule:: blessed.terminal\u003c/p\u003e\n\u003ch1\u003eVersion History\u003c/h1\u003e\n\u003cp\u003e1.42\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: regression in :meth:\u003ccode\u003e~.Terminal.cbreak\u003c/code\u003e and :meth:\u003ccode\u003e~.Terminal.raw\u003c/code\u003e were not thread-safe\nbroken in versions 1.40 and 1.41, remove signal ignore of SIGTTOU :ghissue:\u003ccode\u003e380\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.41\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebugfix: :meth:\u003ccode\u003e~.Terminal.get_location\u003c/code\u003e broken in 1.40, returned a generator instead of a tuple.\n:ghissue:\u003ccode\u003e378\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.40\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: jinxed_ is \u003cstrong\u003enow required on all platforms\u003c/strong\u003e, providing a curses-free and\n\u003ccode\u003esingleton-free \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#singleton-free\u0026gt;\u003c/code\u003e_\nimplementation of the subset of curses_ used by blessed.  The jinxed_ 1.5.0 release provides a\nterminal \u003ccode\u003ecapability database \u0026lt;https://jinxed.readthedocs.io/en/stable/capabilities.html#database\u0026gt;\u003c/code\u003e of 45 terminals and their\ncommon aliases.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved: Class initialization of :class:\u003ccode\u003e~.Terminal()\u003c/code\u003e now uses \u003ccode\u003eXTGETTCAP\u003c/code\u003e_ to determine\npreferred terminal name \u003ccode\u003eTN\u003c/code\u003e, 24-bit color support \u003ccode\u003eRGB\u003c/code\u003e, number of colors \u003ccode\u003eCo\u003c/code\u003e, \u003ccode\u003eitalic\u003c/code\u003e,\nand \u003ccode\u003eblink\u003c/code\u003e capabilities.\u003c/p\u003e\n\u003cp\u003eThis improves detection of Terminal \u003ccode\u003ekind\u003c/code\u003e and \u003ccode\u003enumber_of_colors\u003c/code\u003e over protocols like serial\nthat cannot forward any environment variables or ssh that do not forward \u003ccode\u003eCOLORTERM\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eintroduced: A :exc:\u003ccode\u003eUserWarning\u003c/code\u003e is emitted when :meth:\u003ccode\u003e~.Terminal.__getattr__\u003c/code\u003e resolves an\nunknown terminal capability name, helping developers catch typos like \u003ccode\u003eterm.bld\u003c/code\u003e\n(missing \u003ccode\u003ebold\u003c/code\u003e).  The warning can be suppressed by setting the environment variable\n\u003ccode\u003eBLESSED_NOWARN_UNKNOWN_CAPS\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ebugfix: Fixed internal typo \u003ccode\u003esusimpleript\u003c/code\u003e to the correct terminfo name \u003ccode\u003essubm\u003c/code\u003e for the\n\u003ccode\u003eenter_susimpleript_mode\u003c/code\u003e capability.  This was previously masked by curses_ returning\nan empty string for unknown capabilities.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.39\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.progress_bar\u003c/code\u003e for \u003ccode\u003eOSC 9;4 sequence \u0026lt;https://ghostty.org/docs/vt/osc/conemu#change-progress-state-(osc-94)\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eintroduced: :meth:\u003ccode\u003e~.Terminal.text_sized\u003c/code\u003e -- wrap text in Kitty text sizing protocol (OSC 66)\nescape sequences, with graceful fallback to plain text when the terminal does not support\nthe protocol.\u003c/li\u003e\n\u003cli\u003eintroduced: :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e of name \u003ccode\u003eCPR_RESPONSE\u003c/code\u003e for asynchronous capture of Cursor\nPosition Report responses via :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e.  New argument\n\u003ccode\u003ecapture_cpr=True\u003c/code\u003e resolves the legacy F3 key ambiguity and matches against\n\u003ccode\u003eCPR_RESPONSE\u003c/code\u003e.  New properties :attr:\u003ccode\u003e~.Keystroke.cpr_yx\u003c/code\u003e and :attr:\u003ccode\u003e~.Keystroke.cpr_xy\u003c/code\u003e\nreturn the decoded cursor coordinates.  :ghpull:\u003ccode\u003e369\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.inkey\u003c/code\u003e raises :exc:\u003ccode\u003eEOFError\u003c/code\u003e when keyboard fd is at EOF, rather\nthan returning an empty :class:\u003ccode\u003e~.Keystroke\u003c/code\u003e.  :ghpull:\u003ccode\u003e371\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eimproved: :meth:\u003ccode\u003e~.Terminal.ljust\u003c/code\u003e, :meth:\u003ccode\u003e~.Terminal.rjust\u003c/code\u003e, and :meth:\u003ccode\u003e~.Terminal.center\u003c/code\u003e\nnow measure text containing hyperlinks, Kitty text sizing protocol sequences, and overtyping\n(backspace/cursor-left with painter's algorithm), introduced by wcwidth_ 0.7.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jquast/blessed/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/7a82579873d86998d560b8d06b3564c743918cd8\"\u003e\u003ccode\u003e7a82579\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/06a1d63a58620d394cc26a5e8582ed67eed3cb62\"\u003e\u003ccode\u003e06a1d63\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/2b6e7bd9d0d24c20f02df91f161ef2214fb53628\"\u003e\u003ccode\u003e2b6e7bd\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/e6aee5dccd2169966814e328eaebdd14b742a0e2\"\u003e\u003ccode\u003ee6aee5d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/05566d2cd7e3d191a37a663c842eb849418ae7e9\"\u003e\u003ccode\u003e05566d2\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/37e8136684e7107a6f7343770873a3630d347731\"\u003e\u003ccode\u003e37e8136\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4418d43f69ee005bf066dc5401b7cda83458c750\"\u003e\u003ccode\u003e4418d43\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/5e2df6190560507ab8ff05b4ea7712d0c4bfaf48\"\u003e\u003ccode\u003e5e2df61\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4787\"\u003e#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/81a86c9b8923634ee3e9f887c3f7f5e1e312d693\"\u003e\u003ccode\u003e81a86c9\u003c/code\u003e\u003c/a\u003e Add CI for 3.14t (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4786\"\u003e#4786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2ccf9f3738028afa9d5a6545e52f8520a31afe1\"\u003e\u003ccode\u003ef2ccf9f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.6'\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.96 to 1.43.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/bd1fb2372c4cecbc93a44be838bb4a38fd23c3ee\"\u003e\u003ccode\u003ebd1fb23\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d15b1246894c2be8ccaa8084abff4b6be9269f54\"\u003e\u003ccode\u003ed15b124\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b9f0f7fc6f0dc0541b14d8aadec4d92c64dc585f\"\u003e\u003ccode\u003eb9f0f7f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/ec174c1f3b8580736cbd783c9f79ed70cf9eb4c7\"\u003e\u003ccode\u003eec174c1\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/74501ceccf44a7def602007d2a870a17b7b742ec\"\u003e\u003ccode\u003e74501ce\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/d6831a55afbdfa2dc51314e73997ce89dc533836\"\u003e\u003ccode\u003ed6831a5\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.7' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0e63dbed5a6270383200219af4a55e41f08ae72d\"\u003e\u003ccode\u003e0e63dbe\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/840e09fa3d9c0bd4b84601bdd1bb34e1ea2beb57\"\u003e\u003ccode\u003e840e09f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8228777f8858256515a6875366425acdc74b1c41\"\u003e\u003ccode\u003e8228777\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b63fa4bfc0587ca55a8684d18a82b86904ab234e\"\u003e\u003ccode\u003eb63fa4b\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.96...1.43.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 47.0.0 to 48.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e48.0.0 - 2026-05-04\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.\n  ``cryptography`` now requires Python 3.9 or later.\n* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner\n  ``TBSCertList.signature`` algorithm does not match the outer\n  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs\n  were parsed successfully and only rejected during signature validation.\n* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and\n  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or\n  later, in addition to the existing AWS-LC and BoringSSL support. This means\n  post-quantum algorithms are now available to users of our wheels.\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Going forward, we do not guarantee that all functionality\u003cbr /\u003e\nin \u003ccode\u003ecryptography\u003c/code\u003e will be available when building against\u003cbr /\u003e\nOpenSSL. See :doc:\u003ccode\u003e/statements/state-of-openssl\u003c/code\u003e for more information.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v47-0-0:\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d\"\u003e\u003ccode\u003e8e03e30\u003c/code\u003e\u003c/a\u003e bump for 48.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14796\"\u003e#14796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71\"\u003e\u003ccode\u003e295e0d2\u003c/code\u003e\u003c/a\u003e Add AGENTS.md with CLAUDE.md symlink (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14794\"\u003e#14794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8\"\u003e\u003ccode\u003e104a2de\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14793\"\u003e#14793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926\"\u003e\u003ccode\u003e67ec1e5\u003c/code\u003e\u003c/a\u003e call check_length early on AesSiv::encrypt (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14792\"\u003e#14792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26\"\u003e\u003ccode\u003eb2da57a\u003c/code\u003e\u003c/a\u003e changelog for mldsa/mlkem for openssl (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14791\"\u003e#14791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0\"\u003e\u003ccode\u003e3cf44ad\u003c/code\u003e\u003c/a\u003e ML-KEM OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14781\"\u003e#14781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83\"\u003e\u003ccode\u003e2e31639\u003c/code\u003e\u003c/a\u003e ML-DSA OpenSSL support (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14773\"\u003e#14773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3\"\u003e\u003ccode\u003e5affe5a\u003c/code\u003e\u003c/a\u003e fix rust nightly clippy (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14790\"\u003e#14790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec\"\u003e\u003ccode\u003e2e73ca4\u003c/code\u003e\u003c/a\u003e bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466\"\u003e\u003ccode\u003e82ebd3b\u003c/code\u003e\u003c/a\u003e Bump BoringSSL, OpenSSL, AWS-LC in CI (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14785\"\u003e#14785\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/47.0.0...48.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django` from 5.2.13 to 6.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8f8ad09659d728423a00e0a3b5f16da5c3a38e24\"\u003e\u003ccode\u003e8f8ad09\u003c/code\u003e\u003c/a\u003e [6.0.x] Bumped version for 6.0.5 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/44ad76efcbe3c4ca0f08bb9dabe916f6374596c9\"\u003e\u003ccode\u003e44ad76e\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-6907 -- Prevented caching of requests when Vary header...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/1b0184aa657bc3f5859aeb0206e7c1e94e48b103\"\u003e\u003ccode\u003e1b0184a\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-35192 -- Ensured Vary header is sent when setting sess...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/ad8f9e19e0897ea45ded7c046ff28daf6f773e92\"\u003e\u003ccode\u003ead8f9e1\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed CVE-2026-5766 -- Enforced DATA_UPLOAD_MAX_MEMORY_SIZE in Memory...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/990ab01e70fd8f55e867b4a234c0ee242fd33fec\"\u003e\u003ccode\u003e990ab01\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37039\"\u003e#37039\u003c/a\u003e -- Removed outdated note from QuerySet.iterator() docs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/f0c269f285ab58bfb4a120141d7dd41ff4f42b45\"\u003e\u003ccode\u003ef0c269f\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed typo in stub release notes for 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8bcd15beeff6542acc381b83f50b061d62284c2b\"\u003e\u003ccode\u003e8bcd15b\u003c/code\u003e\u003c/a\u003e [6.0.x] Fixed \u003ca href=\"https://redirect.github.com/django/django/issues/37067\"\u003e#37067\u003c/a\u003e -- Added trailing slash in django_file_prefixes().\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/3cdec6454fb86e8d03a06944c0c68025733ed93f\"\u003e\u003ccode\u003e3cdec64\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs CVE-2026-25674 -- Clarified role of umask in upload permissions.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/5dd5c70cf1056e8e04badb687f773e8f16bba257\"\u003e\u003ccode\u003e5dd5c70\u003c/code\u003e\u003c/a\u003e [6.0.x] Added stub release notes and release date for 6.0.5 and 5.2.14.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django/django/commit/8ee73415270a1a54daaec9bb529ad82c6f7a6d4c\"\u003e\u003ccode\u003e8ee7341\u003c/code\u003e\u003c/a\u003e [6.0.x] Refs \u003ca href=\"https://redirect.github.com/django/django/issues/373\"\u003e#373\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/django/django/issues/34122\"\u003e#34122\u003c/a\u003e -- Removed warning that ForeignObject is an interna...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django/django/compare/5.2.13...6.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-allauth` from 65.14.3 to 65.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sponsors/pennersr/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-otp` from 1.3.0 to 1.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-otp/django-otp/blob/master/CHANGES.rst\"\u003edjango-otp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.0 - January 07, 2026 - Async support\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#185](https://github.com/django-otp/django-otp/issues/185)\u003c/code\u003e_: Make OTPMiddleware async capable\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Aljosha Papsch.\u003c/p\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/185\"\u003edjango-otp/django-otp#185\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.3 - October 25, 2025 - Spanish update\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#182](https://github.com/django-otp/django-otp/issues/182)\u003c/code\u003e_: Correct missing Spanish translations\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#181](https://github.com/django-otp/django-otp/issues/181)\u003c/code\u003e_: Wrong :rtype: in StaticToken.random_token docstring\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003edjango-otp/django-otp#181\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/182\"\u003e#182\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/182\"\u003edjango-otp/django-otp#182\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.2 - October 21, 2025 - Cleanup\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#179](https://github.com/django-otp/django-otp/issues/179)\u003c/code\u003e_: Add missing gettext strings\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[#180](https://github.com/django-otp/django-otp/issues/180)\u003c/code\u003e_: Remove tests from wheels\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/179\"\u003e#179\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/179\"\u003edjango-otp/django-otp#179\u003c/a\u003e\n.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/180\"\u003e#180\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/180\"\u003edjango-otp/django-otp#180\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.6.1 - July 08, 2025 - Small improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow a {token} placeholder in :setting:\u003ccode\u003eOTP_EMAIL_SUBJECT\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.6.0 - April 02, 2025 - Django 5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate test matrix for Django 5.2.\u003c/li\u003e\n\u003cli\u003eRemove support for Django 3.2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.5.4 - September 06, 2024 - Ignore proxy models when enumerating device classes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[#161](https://github.com/django-otp/django-otp/issues/161)\u003c/code\u003e_: Discard proxied models when iterating device models\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/161\"\u003e#161\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/django-otp/django-otp/pull/161\"\u003edjango-otp/django-otp#161\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/fc0d50b6f66da10fad250ce1640f0385f3229f48\"\u003e\u003ccode\u003efc0d50b\u003c/code\u003e\u003c/a\u003e Version 1.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/56e4ce3b5618de5d5a8a24c9eb709b51802ad06b\"\u003e\u003ccode\u003e56e4ce3\u003c/code\u003e\u003c/a\u003e Refactor test utilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/8c4d4c23649316c55dad6a79fb06fa975e5e4702\"\u003e\u003ccode\u003e8c4d4c2\u003c/code\u003e\u003c/a\u003e Update test matrix for Django 6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/0ac4ff33aa88fa73c12aa60713881481116a6d5f\"\u003e\u003ccode\u003e0ac4ff3\u003c/code\u003e\u003c/a\u003e Cleanup and changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b10df0d8cb94c8242ca48bbcea3d307b553808a5\"\u003e\u003ccode\u003eb10df0d\u003c/code\u003e\u003c/a\u003e Make OTPMiddleware async capable. (\u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/185\"\u003e#185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/81211794b8cc9c8befc6c8330b6652d3c4e78fd5\"\u003e\u003ccode\u003e8121179\u003c/code\u003e\u003c/a\u003e Raise requires-python to 3.8.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/38b7ebabd7b4817aec92f884d448eeb462e82108\"\u003e\u003ccode\u003e38b7eba\u003c/code\u003e\u003c/a\u003e Version 1.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/b9026d7025da45b0144c99e91b5286c734448012\"\u003e\u003ccode\u003eb9026d7\u003c/code\u003e\u003c/a\u003e Correct Missing Spanish Translations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/ae18ba95bd03534e15583d456572f86ea2f41442\"\u003e\u003ccode\u003eae18ba9\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/django-otp/django-otp/issues/181\"\u003e#181\u003c/a\u003e: misdocumented return type.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-otp/django-otp/commit/c9eef89240985293e0c9f197d0257a5352cfb62d\"\u003e\u003ccode\u003ec9eef89\u003c/code\u003e\u003c/a\u003e Version 1.6.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/django-otp/django-otp/compare/v1.3.0...v1.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-q2` from 1.9.0 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GDay/django-q2/releases\"\u003edjango-q2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import by \u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worker-process post-execute signal by \u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003easync_iter: fix BadSignature after the default Django cache expires by \u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation by \u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update Django Q2 compatibility information by \u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e by \u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix: qmonitor crash when passing int values to term.center by \u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list by \u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations by \u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/noHairMan\"\u003e\u003ccode\u003e@​noHairMan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prollings\"\u003e\u003ccode\u003e@​prollings\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbachry\"\u003e\u003ccode\u003e@​mbachry\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lybcyd\"\u003e\u003ccode\u003e@​lybcyd\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nikodunk\"\u003e\u003ccode\u003e@​nikodunk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Eroica\"\u003e\u003ccode\u003e@​Eroica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thesophile\"\u003e\u003ccode\u003e@​thesophile\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Nick-Yawn\"\u003e\u003ccode\u003e@​Nick-Yawn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/7576457\"\u003e\u003ccode\u003e@​7576457\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\"\u003ehttps://github.com/django-q2/django-q2/compare/v1.9.0...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md\"\u003edjango-q2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/django-q2/django-q2/tree/v1.10.0\"\u003ev1.10.0\u003c/a\u003e (2026-05-01)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Fix incorrect signal import (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/308\"\u003e#308\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/308\"\u003edjango-q2/django-q2#308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd post_execute_in_worker signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/309\"\u003edjango-q2/django-q2#309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/311\"\u003edjango-q2/django-q2#311\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/314\"\u003edjango-q2/django-q2#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/316\"\u003edjango-q2/django-q2#316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't close DB connection if async_task was called with sync=True (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/301\"\u003edjango-q2/django-q2#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConvert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/319\"\u003edjango-q2/django-q2#319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/322\"\u003edjango-q2/django-q2#322\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/325\"\u003edjango-q2/django-q2#325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add ru locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/django-q2/django-q2/pull/320\"\u003edjango-q2/django-q2#320\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/a699578c345f78b5f7faa5e34b6ccaf886ae7fd8\"\u003e\u003ccode\u003ea699578\u003c/code\u003e\u003c/a\u003e Release v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/5975a2d081db4fd6582f829e0df0dd9263ca4e28\"\u003e\u003ccode\u003e5975a2d\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eru\u003c/code\u003e locale and improve translations (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/320\"\u003e#320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/936fdd10b134dca4c5de020ca74b178742fd923e\"\u003e\u003ccode\u003e936fdd1\u003c/code\u003e\u003c/a\u003e Update Python base image to 3.9-slim-bookworm (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/325\"\u003e#325\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/fab97463c2e724e46204fe8eab92a1a9bb8aebb2\"\u003e\u003ccode\u003efab9746\u003c/code\u003e\u003c/a\u003e Fix unbounded growth of Broker.set_stat cluster master list (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/322\"\u003e#322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1abdc5b653d9d5c362a6fb4a73df2d08acdc642e\"\u003e\u003ccode\u003e1abdc5b\u003c/code\u003e\u003c/a\u003e Convert queue size and count to string in monitor (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/319\"\u003e#319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/01df35c92332801c21d8f12351e6b02c72608490\"\u003e\u003ccode\u003e01df35c\u003c/code\u003e\u003c/a\u003e Don't close DB connection if async_task was called with \u003ccode\u003esync=True\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/573b8da528c00a1fe8accf959d14e3af4a8f4e2a\"\u003e\u003ccode\u003e573b8da\u003c/code\u003e\u003c/a\u003e Update Django Q2 compatibility information (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/316\"\u003e#316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/8a563d289dc63f587d23237437f84af0f611d049\"\u003e\u003ccode\u003e8a563d2\u003c/code\u003e\u003c/a\u003e feat:add Simplified Chinese Translation (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/1b0f71a39b80c49f0fcbb9a41b54b5dfaff0c175\"\u003e\u003ccode\u003e1b0f71a\u003c/code\u003e\u003c/a\u003e Fix BadSignature after the default Django cache expires (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/311\"\u003e#311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/django-q2/django-q2/commit/b51575a4b03dfd4c22da6b948dddb35e2a243bef\"\u003e\u003ccode\u003eb51575a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epost_execute_in_worker\u003c/code\u003e signal (\u003ca href=\"https://redirect.github.com/GDay/django-q2/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/GDay/django-q2/compare/v1.9.0...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dulwich` from 1.2.0 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dulwich/dulwich/releases\"\u003edulwich's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edulwich-1.2.1\u003c/h2\u003e\n\u003ch2\u003eChanges since 1.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers\nwhen cloning from a local repo.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing\n\u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jelmer/dulwich/blob/main/NEWS\"\u003edulwich's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.2.1\t2026-04-29\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRecover from concurrent pack removals (e.g. a racing \u003ccode\u003egit repack\u003c/code\u003e or\n\u003ccode\u003egit gc --auto\u003c/code\u003e) instead of raising spurious \u003ccode\u003eKeyError\u003c/code\u003e /\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e. \u003ccode\u003ePack.index\u003c/code\u003e and \u003ccode\u003ePack.data\u003c/code\u003e now translate\n\u003ccode\u003eFileNotFoundError\u003c/code\u003e during lazy load into \u003ccode\u003ePackFileDisappeared\u003c/code\u003e,\nand \u003ccode\u003ePackBasedObjectStore\u003c/code\u003e evicts the stale pack and rescans the\npack directory before retrying — equivalent to git's\n\u003ccode\u003ereprepare_packed_git()\u003c/code\u003e. (Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDerive the LFS endpoint as the remote's on-disk LFS store\n(\u003ccode\u003e\u0026lt;remote\u0026gt;/.git/lfs\u003c/code\u003e for worktrees, \u003ccode\u003e\u0026lt;remote\u0026gt;/lfs\u003c/code\u003e for bare repos)\nwhen \u003ccode\u003eremote.origin.url\u003c/code\u003e points at a local filesystem path or\n\u003ccode\u003efile://\u003c/code\u003e URL, matching git-lfs behaviour. Previously the built-in\nsmudge filter constructed an HTTP-style \u003ccode\u003e\u0026lt;remote\u0026gt;.git/info/lfs\u003c/code\u003e path\nthat did not exist on disk, leaving LFS-tracked files as pointers when\ncloning from a local repo. (Jelmer Vernooij)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeduplicate objects when writing a multi-pack-index. Objects present\nin multiple packs (e.g. after \u003ccode\u003egit gc\u003c/code\u003e creates a cruft pack) would\notherwise produce an OIDL chunk with repeated SHAs, causing \u003ccode\u003egit multi-pack-index verify\u003c/code\u003e to fail with \u0026quot;oid lookup out of order\u0026quot;.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2152\"\u003e#2152\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtend ignorecase and precomposeunicode support to index lookups.\n(Jelmer Vernooij, \u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1807\"\u003e#1807\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/57806b8a4d041cd18bf84ba8d715f4dd0bc5e200\"\u003e\u003ccode\u003e57806b8\u003c/code\u003e\u003c/a\u003e Release 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a127d330de1ef497935146bcd978211d9894787f\"\u003e\u003ccode\u003ea127d33\u003c/code\u003e\u003c/a\u003e Honor GIT_PROTOCOL env var when picking default protocol version (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/1862\"\u003e#1862\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2149\"\u003e#2149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6c1697a108757766aba71624422a93900f2a867a\"\u003e\u003ccode\u003e6c1697a\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/6685fde81a717d91d747953c2f9277939ea5ab6b\"\u003e\u003ccode\u003e6685fde\u003c/code\u003e\u003c/a\u003e lfs: use pathlib.Path.as_uri() for portable file:// URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/0d0b9f8d205eb45660d81d1efc5b7ff1fc579e61\"\u003e\u003ccode\u003e0d0b9f8\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/a0dac57db7ba8a6d9fe67d1cf4303cef306647a2\"\u003e\u003ccode\u003ea0dac57\u003c/code\u003e\u003c/a\u003e Migrate from testrepository to inquest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/cd6ebd90fc8f2f1b267db29c418c12c7ebb971a3\"\u003e\u003ccode\u003ecd6ebd9\u003c/code\u003e\u003c/a\u003e lfs: derive correct file:// LFS endpoint from local remote URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/bfaf192aaba90df54e4e7b07bba11a28cf36012b\"\u003e\u003ccode\u003ebfaf192\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2158\"\u003e#2158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/06d7afdeb87f742bdfff93563fd0acd042473b0a\"\u003e\u003ccode\u003e06d7afd\u003c/code\u003e\u003c/a\u003e Move GIT_SSH/GIT_SSH_COMMAND env lookup from client.py to cli.py (\u003ca href=\"https://redirect.github.com/dulwich/dulwich/issues/2156\"\u003e#2156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jelmer/dulwich/commit/e60e0c1a4d44441d2f6edfc01ba5098d2ed24cf0\"\u003e\u003ccode\u003ee60e0c1\u003c/code\u003e\u003c/a\u003e Disable background processes to prevent issues with races\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dulwich/dulwich/compare/dulwich-1.2.0...dulwich-1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `googleapis-common-protos` from 1.74.0 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-python/releases\"\u003egoogleapis-common-protos's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003egoogleapis-common-protos: v1.75.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ev1.75.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/3997a108c45e1c1df8e844746eb2af4b1a77e154\"\u003e\u003ccode\u003e3997a10\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260506T163115Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16964\"\u003e#16964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f655e492c0879684b60a7d06e90501dd49e96252\"\u003e\u003ccode\u003ef655e49\u003c/code\u003e\u003c/a\u003e chore: add type annotation to SYNCPOINTS (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16973\"\u003e#16973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/f149bd7dd30489c3165bf03a2343dc9f75875451\"\u003e\u003ccode\u003ef149bd7\u003c/code\u003e\u003c/a\u003e refactor(bigframes): Modularize compiler routing as proxy executor (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16907\"\u003e#16907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/19db82f5cb033215531e5b65239e45275e3ed568\"\u003e\u003ccode\u003e19db82f\u003c/code\u003e\u003c/a\u003e chore(bigframes): remove leftover support for Python \u0026lt;= 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16961\"\u003e#16961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/2dedaacf0666ade39ae89194ad8dbc34761bd1df\"\u003e\u003ccode\u003e2dedaac\u003c/code\u003e\u003c/a\u003e chore: test CommonResource resource name alias (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16965\"\u003e#16965\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/9652a08cb89441fac779eb4fa4d6f48f33b55d3b\"\u003e\u003ccode\u003e9652a08\u003c/code\u003e\u003c/a\u003e fix: pass resource aliases to file-level CommonResources (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16945\"\u003e#16945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/78a48b040a2abc0bf19ebe267aba0a1f410df2e6\"\u003e\u003ccode\u003e78a48b0\u003c/code\u003e\u003c/a\u003e fix(google-cloud-core): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16953\"\u003e#16953\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/5975c48186dd8798b172ac442fd55bc7fece1612\"\u003e\u003ccode\u003e5975c48\u003c/code\u003e\u003c/a\u003e fix(dns): Drop support for Python 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16954\"\u003e#16954\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/d5bea2e99b435b8b3d75321679072db092001de6\"\u003e\u003ccode\u003ed5bea2e\u003c/code\u003e\u003c/a\u003e fix(crc32c): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16955\"\u003e#16955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-python/commit/63f6d96c1c5569b5fdaea85dfe995ce280907b98\"\u003e\u003ccode\u003e63f6d96\u003c/code\u003e\u003c/a\u003e fix(sqlalchemy-bigquery): Drop support for Python 3.8 and 3.9 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-python/issues/16956\"\u003e#16956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-python/compare/googleapis-common-protos-v1.74.0...googleapis-common-protos-v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gunicorn` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/benoitc/gunicorn/releases\"\u003egunicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEventlet worker removed\u003c/strong\u003e: The \u003ccode\u003eeventlet\u003c/code\u003e worker class has been dropped. Migrate to \u003ccode\u003egevent\u003c/code\u003e, \u003ccode\u003egthread\u003c/code\u003e, or \u003ccode\u003etornado\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Compatibility Suite\u003c/strong\u003e: New end-to-end compatibility test harness covering Starlette, FastAPI, Litestar, Quart, Sanic, and BlackSheep. Current grid passes 438/444 tests (98%).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Test Suite Expansion\u003c/strong\u003e: 134 additional ASGI unit tests covering protocol semantics, lifespan, websockets, and chunked framing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 Request-Target Validation\u003c/strong\u003e (RFC 9112 sections 3.2.3, 3.2.4):\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003eauthority-form\u003c/code\u003e request-target outside \u003ccode\u003eCONNECT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003easterisk-form\u003c/code\u003e request-target outside \u003ccode\u003eOPTIONS\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003erelative-reference\u003c/code\u003e request-targets\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Field Hardening\u003c/strong\u003e (RFC 9110):\n\u003cul\u003e\n\u003cli\u003eReject control characters in header field-value (section 5.5)\u003c/li\u003e\n\u003cli\u003eReject forbidden trailer field-names (section 6.5.1)\u003c/li\u003e\n\u003cli\u003eReject \u003ccode\u003eContent-Length\u003c/code\u003e list form (RFC 9112 section 6.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRequest Smuggling Hardening\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eTighten keepalive gate and scope \u003ccode\u003efinish_body\u003c/code\u003e byte cap\u003c/li\u003e\n\u003cli\u003eKeep \u003ccode\u003e_body_receiver\u003c/code\u003e alive across the keepalive smuggling gate so pipelined requests cannot re-enter a closed body\u003c/li\u003e\n\u003cli\u003eAddress parser/protocol findings from a six-point WSGI/ASGI audit\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePROXY Protocol (ASGI)\u003c/strong\u003e: Enforce \u003ccode\u003eproxy_allow_ips\u003c/code\u003e and tighten v1/v2 parsing in the ASGI callback parser.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConnection Draining\u003c/strong\u003e: Drain the connection on close per RFC 9112 section 9.6 to prevent reset-on-close truncation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBody Framing on HEAD/204/304\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eKeep \u003ccode\u003eContent-Length\u003c/code\u003e on HEAD and 304 responses (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop body framing on HEAD/204/304 even when the framework set it\u003c/li\u003e\n\u003cli\u003eWarn once when an ASGI app emits a body for a no-body response\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2 ASGI\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e_handle_stream_ended\u003c/code\u003e to set \u003ccode\u003e_body_complete\u003c/code\u003e in the async HTTP/2 handler so request bodies finalize correctly on stream end\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eInvalidChunkExtension\u003c/code\u003e mapping and fast-parser support in ASGI tests (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3565\"\u003e#3565\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/1.1 100-Continue\u003c/strong\u003e: Stop adding \u003ccode\u003eTransfer-Encoding: chunked\u003c/code\u003e to 100-Continue interim responses.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebSocket Close Handshake\u003c/strong\u003e (RFC 6455):\n\u003cul\u003e\n\u003cli\u003eComply with the close handshake state machine\u003c/li\u003e\n\u003cli\u003eClose the transport after the close handshake completes\u003c/li\u003e\n\u003cli\u003eFix binary send when the \u003ccode\u003etext\u003c/code\u003e key is \u003ccode\u003eNone\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEarly Hints\u003c/strong\u003e: Validate headers in the \u003ccode\u003eearly_hints\u003c/code\u003e callback to match \u003ccode\u003eprocess_headers\u003c/code\u003e; pass only the header name to \u003ccode\u003eInvalidHeader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3588\"\u003e#3588\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eASGI Framework Fixes\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eFix ASGI disconnect handling for Django-style apps\u003c/li\u003e\n\u003cli\u003eFix Litestar request handling (use raw ASGI receive for body/headers)\u003c/li\u003e\n\u003cli\u003eFix Litestar HTTP endpoints for compatibility tests\u003c/li\u003e\n\u003cli\u003eFix Quart headers endpoint to normalize keys to lowercase\u003c/li\u003e\n\u003cli\u003eFix Quart WebSocket close test app (missing \u003ccode\u003eaccept()\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix duplicate \u003ccode\u003eTransfer-Encoding\u003c/code\u003e header for BlackSheep streaming\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5d819cf36040f6cc6175fcc804d703fb899509dd\"\u003e\u003ccode\u003e5d819cf\u003c/code\u003e\u003c/a\u003e release: 26.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/b45c70df105f7d5dcbc5abfb732804d6464edc21\"\u003e\u003ccode\u003eb45c70d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3611\"\u003e#3611\u003c/a\u003e from zc-mattcen/docs-typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/99c8d48acf453deb5c49fe12e195dbc00d888d1e\"\u003e\u003ccode\u003e99c8d48\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3623\"\u003e#3623\u003c/a\u003e from benoitc/chore/drop-eventlet-add-h2-uvloop-test-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/5a655af50f20e005dd9e32e6078dc82fa45f3d4b\"\u003e\u003ccode\u003e5a655af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3622\"\u003e#3622\u003c/a\u003e from benoitc/test/docker-port-and-ipv4-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/201df19a8011c0a1d6a0e75ebe22e89d48eb935e\"\u003e\u003ccode\u003e201df19\u003c/code\u003e\u003c/a\u003e chore: remove eventlet worker; add h2 and uvloop to test deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/f4ac8e1f1bf1d365e77f41915da55bec31873f84\"\u003e\u003ccode\u003ef4ac8e1\u003c/code\u003e\u003c/a\u003e test: pass action name to dirty client and stabilize after TTOU spam\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/54d38afddf1f0db0c15b5f4ff63f3c7bfad96961\"\u003e\u003ccode\u003e54d38af\u003c/code\u003e\u003c/a\u003e test: unblock docker fixtures on macOS hosts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/68843c8893dd938456f0a2da62085ab5776f8871\"\u003e\u003ccode\u003e68843c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3621\"\u003e#3621\u003c/a\u003e from benoitc/fix/asgi-preserve-content-length-on-hea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/31f2618f733cc0c78690df63f4e344aaf3f56b20\"\u003e\u003ccode\u003e31f2618\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/benoitc/gunicorn/issues/3620\"\u003e#3620\u003c/a\u003e from benoitc/fix/asgi-proxy-protocol-trust-and-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/benoitc/gunicorn/commit/41ec7527dbd8a9e52728477700707ad40e41d9dc\"\u003e\u003ccode\u003e41ec752\u003c/code\u003e\u003c/a\u003e fix: keep Content-Length on HEAD and 304 responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/benoitc/gunicorn/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `icalendar` from 7.0.3 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/releases\"\u003eicalendar's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cp\u003eTo view the changes, please see the \u003ca href=\"https://icalendar.readthedocs.io/en/latest/changelog.html\"\u003eChangelog\u003c/a\u003e. This release can be installed from \u003ca href=\"https://pypi.org/project/icalendar/#history\"\u003ePyPI\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/collective/icalendar/blob/main/CHANGES.rst\"\u003eicalendar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-04-30)\u003c/h2\u003e\n\u003cp\u003eMinor changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Deprecate ``icalendar.parser.escape_string`` and ``icalendar.parser.unescape_string`` for icalendar version 8. Use ``_escape_string`` and ``_unescape_string`` internally. :issue:`1011`\n- Added behavioral tests for :class:`~icalendar.cal.lazy.LazyCalendar` covering serialization round-trips, ``.todos``, ``.journals``, forward timezone references, and ``with_uid()`` substring false-positives. :issue:`1050`\n- Added edge case tests for :class:`~icalendar.prop.conference.Conference` parameter normalization covering string passthrough, empty list filtering, and ``None`` omission. :issue:`925`\n- Make icalendar an explicit editable install for clarity. :pr:`1268`\n- Do not run some tests until a pull request is approved. :pr:`1246`\n- Mark skipped CI tasks as skipped instead of running them. :issue:`1286`\n- Created an :meth:`~icalendar.prop.boolean.vBoolean.ical_value` property for the :class:`~icalendar.prop.boolean.vBoolean` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.float.vFloat.ical_value` property for the :class:`~icalendar.prop.float.vFloat` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.integer.vInt.ical_value` property for the :class:`~icalendar.prop.integer.vInt` component. :issue:`876`\n- Created an :meth:`~icalendar.prop.binary.vBinary.ical_value` property for the :class:`~icalendar.prop.binary.vBinary` component. :issue:`876`\n- Put the link check as the last documentation CI task, allowing the documentation build and Vale to run first and fail faster. :pr:`1295`\n- Extended :func:`~icalendar.timezone.tzp.TZP.localize` to support localizing both :class:`datetime.datetime` and :class:`datetime.time` objects, returning timezone-aware :class:`datetime.time` objects for the latter. :issue:`1142`\n- Add type hints to tests directory functions. :issue:`938`\n- Update to Contributor Covenant 3.0 Code of Conduct, hosted at https://pycal.org/code-of-conduct/.\n\u003cp\u003eNew features\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Added :class:`~icalendar.cal.lazy.LazyCalendar` for lazy parsing of subcomponents. :issue:`158`, :issue:`1050`\n- Updated :func:`icalendar.prop.dt.time.vTime.from_ical` to support parsing time values with TZID parameters, returning timezone-aware :class:`datetime.time` objects. :issue:`1142`\n- Added ``subcomponents`` parameter to :meth:`Component.new \u0026amp;lt;icalendar.cal.component.Component.new\u0026amp;gt;`, :meth:`Event.new \u0026amp;lt;icalendar.cal.event.Event.new\u0026amp;gt;`, :meth:`Todo.new \u0026amp;lt;icalendar.cal.todo.Todo.new\u0026amp;gt;`, and :meth:`Availability.new \u0026amp;lt;icalendar.cal.availability.Availability.new\u0026amp;gt;`. :issue:`1065`\n- Switch to uv for development. :issue:`1102`\n\nBug fixes\n~~~~~~~~~\n\n- Allow lenient parsing of content lines with optional whitespace around property and parameter delimiters (for example, ``REFRESH - INTERVAL; VALUE = DURATION:PT48H``) when parsing calendars with ``strict=False``. :issue:`351`\n- X-properties with a ``VALUE`` parameter are now parsed using the correct type instead of falling back to :class:`~icalendar.prop.unkown.vUnkno...\n\n_Description has been truncated_","html_url":"https://github.com/invenhost/InvenTree/pull/342","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invenhost%2FInvenTree/issues/342","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/342/packages"}},{"old_version":"3.4.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-21T00:34:02.000Z","version_change":"3.4.0 → 5.0.0","issue":{"uuid":"4490802559","node_id":"PR_kwDOBZ4-_87dvn-k","number":1461,"state":"closed","title":"Bump the pip group across 6 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T00:35:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:34:02.000Z","updated_at":"2026-05-21T00:41:18.000Z","time_to_close":73,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":6,"packages":[{"name":"pymdown-extensions","old_version":"10.16.1","new_version":"10.21.3","repository_url":"https://github.com/facelessuser/pymdown-extensions"},{"name":"idna","old_version":"3.7","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"pillow","old_version":"12.0.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"paramiko","old_version":"3.4.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pytorch-lightning","old_version":"2.4.0","new_version":"2.6.1","repository_url":"https://github.com/Lightning-AI/pytorch-lightning"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /docs directory: [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions).\nBumps the pip group with 2 updates in the /emmet-api/requirements directory: [idna](https://github.com/kjd/idna) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 6 updates in the /emmet-builders-legacy/requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) | `10.16.1` | `10.21.3` |\n| [idna](https://github.com/kjd/idna) | `3.7` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.4.0` | `2.6.1` |\n\nBumps the pip group with 5 updates in the /emmet-builders/requirements directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [idna](https://github.com/kjd/idna) | `3.7` | `3.15` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.0.0` | `12.2.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [pytorch-lightning](https://github.com/Lightning-AI/pytorch-lightning) | `2.4.0` | `2.6.1` |\n\nBumps the pip group with 1 update in the /emmet-cli-legacy directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /emmet-core/requirements directory: [idna](https://github.com/kjd/idna) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `pymdown-extensions` from 10.16.1 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21. 2\u003c/h2\u003e\n\u003ch2\u003e10.21.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Highlight: Latest Pygments versions cannot handle a \u0026quot;filename\u0026quot; for code block titles of \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by\n\u003ca href=\"https://github.com/joapuiib\"\u003e\u003ccode\u003e@​joapuiib\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: MagicLink: Fix a matching pattern for Bitbucket repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's\ndefault. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the\ndefault Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.\u003c/p\u003e\n\u003cp\u003eIn addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by\nGitHub and Obsidian.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Arithmatex: Fix issue where block \u003ccode\u003e$$\u003c/code\u003e math used inline within a paragraph could result in nested math\nparsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Emoji: Update Twemoji to use Unicode 16.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: Roll back \u003ccode\u003eview\u003c/code\u003e mode deprecation as some still like to use it, though further enhancements to this\nmode are not planned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: \u003ccode\u003eview\u003c/code\u003e mode has been deprecated. To avoid warnings or future issues, explicitly set \u003ccode\u003emode\u003c/code\u003e to\neither \u003ccode\u003eaccept\u003c/code\u003e or \u003ccode\u003ereject\u003c/code\u003e. In the future, the new default will be \u003ccode\u003eaccept\u003c/code\u003e and the \u003ccode\u003eview\u003c/code\u003e mode will be removed\nentirely.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Block Admonition: \u003ccode\u003eimportant\u003c/code\u003e should have always been available as a default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.17.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/a4fdd73554706877e339692183b9424e8f5fec24\"\u003e\u003ccode\u003ea4fdd73\u003c/code\u003e\u003c/a\u003e Skip tag 10.21.1 has we accidentally already used it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/8afb4cde8fa5159e4318ab72e2daa55fd1107d4f\"\u003e\u003ccode\u003e8afb4cd\u003c/code\u003e\u003c/a\u003e Docs: Update JS deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/7bf5b2965a6b3dc6ee502ad3d117f6182e838e56\"\u003e\u003ccode\u003e7bf5b29\u003c/code\u003e\u003c/a\u003e Pygments needs a non-None value for code block title (\u003ca href=\"https://redirect.github.com/facelessuser/pymdown-extensions/issues/2863\"\u003e#2863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/20b11ebc86b54fbbed3d43e6f1d845ee474b2378\"\u003e\u003ccode\u003e20b11eb\u003c/code\u003e\u003c/a\u003e Fix some spelling and formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/c9edba3301e321e1e0f830a74a01ccbf10a45786\"\u003e\u003ccode\u003ec9edba3\u003c/code\u003e\u003c/a\u003e Docs: strengthen Snippets warning and add security considerations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/6d92b6878f8d55fd8843a58dd6634cfdfb6df722\"\u003e\u003ccode\u003e6d92b68\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/baeca0e10c5beca4d81fe782058f24b7eb9bf5ff\"\u003e\u003ccode\u003ebaeca0e\u003c/code\u003e\u003c/a\u003e Docs: update JS deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.16.1...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymdown-extensions` from 10.16.1 to 10.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/releases\"\u003epymdown-extensions's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.21.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Fix regression that allows a snippet to be loaded outside of the base path using directory traversal when\n\u003ccode\u003erestrict_base_path\u003c/code\u003e is enabled (the default). Found by \u003ca href=\"https://github.com/gistrec\"\u003e\u003ccode\u003e@​gistrec\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21. 2\u003c/h2\u003e\n\u003ch2\u003e10.21.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Highlight: Latest Pygments versions cannot handle a \u0026quot;filename\u0026quot; for code block titles of \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Quotes: Ensure the first class for callouts (the alert type) is always rendered lowercase.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by\n\u003ca href=\"https://github.com/joapuiib\"\u003e\u003ccode\u003e@​joapuiib\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: MagicLink: Fix a matching pattern for Bitbucket repo.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's\ndefault. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the\ndefault Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.\u003c/p\u003e\n\u003cp\u003eIn addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by\nGitHub and Obsidian.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Arithmatex: Fix issue where block \u003ccode\u003e$$\u003c/code\u003e math used inline within a paragraph could result in nested math\nparsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Emoji: Update Twemoji to use Unicode 16.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: Roll back \u003ccode\u003eview\u003c/code\u003e mode deprecation as some still like to use it, though further enhancements to this\nmode are not planned.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNEW\u003c/strong\u003e: Critic: \u003ccode\u003eview\u003c/code\u003e mode has been deprecated. To avoid warnings or future issues, explicitly set \u003ccode\u003emode\u003c/code\u003e to\neither \u003ccode\u003eaccept\u003c/code\u003e or \u003ccode\u003ereject\u003c/code\u003e. In the future, the new default will be \u003ccode\u003eaccept\u003c/code\u003e and the \u003ccode\u003eview\u003c/code\u003e mode will be removed\nentirely.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Block Admonition: \u003ccode\u003eimportant\u003c/code\u003e should have always been available as a default.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.17.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFIX\u003c/strong\u003e: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/42628414c6591b1a1ce211157090783e3b2242d6\"\u003e\u003ccode\u003e4262841\u003c/code\u003e\u003c/a\u003e Fix spelling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c\"\u003e\u003ccode\u003e63b7835\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/3d185501daaa1424c4a8d42124112c44ef6ab635\"\u003e\u003ccode\u003e3d18550\u003c/code\u003e\u003c/a\u003e Docs: update js deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/a4fdd73554706877e339692183b9424e8f5fec24\"\u003e\u003ccode\u003ea4fdd73\u003c/code\u003e\u003c/a\u003e Skip tag 10.21.1 has we accidentally already used it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/8afb4cde8fa5159e4318ab72e2daa55fd1107d4f\"\u003e\u003ccode\u003e8afb4cd\u003c/code\u003e\u003c/a\u003e Docs: Update JS deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/7bf5b2965a6b3dc6ee502ad3d117f6182e838e56\"\u003e\u003ccode\u003e7bf5b29\u003c/code\u003e\u003c/a\u003e Pygments needs a non-None value for code block title (\u003ca href=\"https://redirect.github.com/facelessuser/pymdown-extensions/issues/2863\"\u003e#2863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/20b11ebc86b54fbbed3d43e6f1d845ee474b2378\"\u003e\u003ccode\u003e20b11eb\u003c/code\u003e\u003c/a\u003e Fix some spelling and formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/c9edba3301e321e1e0f830a74a01ccbf10a45786\"\u003e\u003ccode\u003ec9edba3\u003c/code\u003e\u003c/a\u003e Docs: strengthen Snippets warning and add security considerations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/6d92b6878f8d55fd8843a58dd6634cfdfb6df722\"\u003e\u003ccode\u003e6d92b68\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/facelessuser/pymdown-extensions/commit/baeca0e10c5beca4d81fe782058f24b7eb9bf5ff\"\u003e\u003ccode\u003ebaeca0e\u003c/code\u003e\u003c/a\u003e Docs: update JS deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/facelessuser/pymdown-extensions/compare/10.16.1...10.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/12.0.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.4.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytorch-lightning` from 2.4.0 to 2.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/releases\"\u003epytorch-lightning's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eLightning v2.6.1\u003c/h2\u003e\n\u003ch1\u003eChanges in \u003ccode\u003e2.6.1\u003c/code\u003e\u003c/h1\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003ePyTorch Lightning\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eAdded method chaining support to \u003ccode\u003eLightningModule.freeze()\u003c/code\u003e and \u003ccode\u003eLightningModule.unfreeze()\u003c/code\u003e by returning \u003ccode\u003eself\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21469\"\u003e#21469\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded litlogger integration(\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21430\"\u003e#21430\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecated \u003ccode\u003eto_torchscript\u003c/code\u003e method due to deprecation of TorchScript in PyTorch (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21397\"\u003e#21397\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved support for Python 3.9 due to end-of-life status (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21398\"\u003e#21398\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esave_hyperparameters(ignore=...)\u003c/code\u003e behavior so subclass ignore rules override base class rules (#\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21490\"\u003e21490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLightningDataModule.load_from_checkpoint\u003c/code\u003e to restore the datamodule subclass and hyperparameters (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21478\"\u003e#21478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eModelParallelStrategy\u003c/code\u003e single-file checkpointing when \u003ccode\u003etorch.compile\u003c/code\u003e wraps the model so optimizer states no longer raise \u003ccode\u003eKeyError\u003c/code\u003e during save (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21357\"\u003e#21357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSanitize profiler filenames when saving to avoid crashes due to invalid characters (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21395\"\u003e#21395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eStochasticWeightAveraging\u003c/code\u003e with infinite epochs (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21396\"\u003e#21396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e_generate_seed_sequence_sampling\u003c/code\u003e function not producing unique seeds (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21399\"\u003e#21399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eThroughputMonitor\u003c/code\u003e callback emitting warnings too frequently (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21453\"\u003e#21453\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eLightning Fabric\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eExposed \u003ccode\u003eweights_only\u003c/code\u003e argument for loading checkpoints in \u003ccode\u003eFabric.load()\u003c/code\u003e and \u003ccode\u003eFabric.load_raw()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21470\"\u003e#21470\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDistributedSamplerWrapper\u003c/code\u003e not forwarding \u003ccode\u003eset_epoch\u003c/code\u003e to the underlying sampler (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21454\"\u003e#21454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DDP notebook CUDA fork check to allow passive initialization when CUDA is not actively used (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/pull/21402\"\u003e#21402\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/655a3a91828694b9bfc241177f474741e483aeaa\"\u003e\u003ccode\u003e655a3a9\u003c/code\u003e\u003c/a\u003e bump(deps): bump \u003ccode\u003elitlogger\u003c/code\u003e version to \u003ccode\u003e\u0026gt;=0.1.7\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21517\"\u003e#21517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/300c05a96bdb9a355e53160c695e69bb25bfa965\"\u003e\u003ccode\u003e300c05a\u003c/code\u003e\u003c/a\u003e Prepare release 2.6.1 (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21516\"\u003e#21516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/dc16bc56ff66ea321f90d4aec69a41c7c0bb82e4\"\u003e\u003ccode\u003edc16bc5\u003c/code\u003e\u003c/a\u003e build(deps): update setuptools requirement from \u0026lt;80.9.1 to \u0026lt;80.10.3 in /requi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/6ee3800a120937d27cf774e57d2d28986062999e\"\u003e\u003ccode\u003e6ee3800\u003c/code\u003e\u003c/a\u003e build(deps): update torchvision requirement from \u0026lt;0.25.0,\u0026gt;=0.16.0 to \u0026gt;=0.16.0...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/6478f8ec9cd3d4f524d73ad0df070d0a566ee9a3\"\u003e\u003ccode\u003e6478f8e\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003esave_hyperparameters\u003c/code\u003e ignore precedence in subclasses (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21490\"\u003e#21490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/2712587858c8f89e9dfbfe10cb919340acdb9c8c\"\u003e\u003ccode\u003e2712587\u003c/code\u003e\u003c/a\u003e CI: fix doctest failure from PyTorch LeafSpec FutureWarning (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21502\"\u003e#21502\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/ae1dc6f0eb9ce3229532b4de7f1036630ae7e2f1\"\u003e\u003ccode\u003eae1dc6f\u003c/code\u003e\u003c/a\u003e fix(link-check): resolve broken URLs (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21493\"\u003e#21493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/f0b1c5274552b607d7a4b22216deaf910ffc2aba\"\u003e\u003ccode\u003ef0b1c52\u003c/code\u003e\u003c/a\u003e fix(fabric): forward set_epoch to underlying sampler in DistributedSamplerWra...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/bddc25309b77a5100c86105354108ec3abe89711\"\u003e\u003ccode\u003ebddc253\u003c/code\u003e\u003c/a\u003e Fix warning frequency in throughput monitor callback (\u003ca href=\"https://redirect.github.com/Lightning-AI/pytorch-lightning/issues/21453\"\u003e#21453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/commit/2f4b58a84aca372b92091fb8463a3f76d741b825\"\u003e\u003ccode\u003e2f4b58a\u003c/code\u003e\u003c/a\u003e build(deps): update numpy requirement from \u0026lt;2.3.5,\u0026gt;2.1.0 to \u0026gt;2.1.0,\u0026lt;2.4.2 in ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Lightning-AI/pytorch-lightning/compare/2.4.0...2.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.7 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 12.0.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://re...\n\n_Description has been truncated_","html_url":"https://github.com/materialsproject/emmet/pull/1461","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/materialsproject%2Femmet/issues/1461","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1461/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-19T21:41:49.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4481265169","node_id":"PR_kwDOMXNO-87dQ8Rf","number":7501,"state":"closed","title":"Bump the uv group across 17 directories with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T22:20:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T21:41:49.000Z","updated_at":"2026-05-19T22:20:50.000Z","time_to_close":2339,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":3,"packages":[{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.13","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.11","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/markdown-broken-link-checker directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 2 updates in the /crates/tensorzero-core/fixtures/deployment/sagemaker-ollama directory: [idna](https://github.com/kjd/idna) and [paramiko](https://github.com/paramiko/paramiko).\nBumps the uv group with 1 update in the /crates/tensorzero-core/fixtures/deployment/sagemaker-tgi directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/babyai directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/gateway/call-llms-with-image-and-file-inputs directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/operations/track-usage-and-cost directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/dynamic-in-context-learning-dicl directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/gepa directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/docs/guides/optimization/supervised-fine-tuning-sft directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/azure directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/openai directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/embeddings/providers/openai-compatible-ollama directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/guides/tool-use directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 2 updates in the /examples/integrations/langgraph directory: [idna](https://github.com/kjd/idna) and [langsmith](https://github.com/langchain-ai/langsmith-sdk).\nBumps the uv group with 1 update in the /examples/mcp-model-context-protocol directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/multimodal-vision-finetuning directory: [idna](https://github.com/kjd/idna).\nBumps the uv group with 1 update in the /examples/optimization/dicl directory: [idna](https://github.com/kjd/idna).\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli...\n\n_Description has been truncated_","html_url":"https://github.com/tensorzero/tensorzero/pull/7501","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tensorzero%2Ftensorzero/issues/7501","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7501/packages"}},{"old_version":"3.5.1","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-19T21:04:35.000Z","version_change":"3.5.1 → 5.0.0","issue":{"uuid":"4481035747","node_id":"PR_kwDONhLw9c7dQL5A","number":185,"state":"open","title":"Bump the uv group across 12 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T21:04:35.000Z","updated_at":"2026-06-01T00:18:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":9,"packages":[{"name":"authlib","old_version":"1.6.6","new_version":"1.6.12","repository_url":"https://github.com/authlib/authlib"},{"name":"banks","old_version":"2.3.0","new_version":"2.4.2","repository_url":"https://github.com/masci/banks"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"paramiko","old_version":"3.5.1","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"ujson","old_version":"5.11.0","new_version":"5.12.1","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /backend directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /platform-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /prompt-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /runner directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 3 updates in the /tool-sidecar directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\nBumps the uv group with 7 updates in the /unstract/connectors directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [authlib](https://github.com/authlib/authlib) | `1.6.6` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.3.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.1` | `5.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/filesystem directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/sdk1 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.4` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.11.0` | `5.12.1` |\n\nBumps the uv group with 8 updates in the /unstract/tool-registry directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.2.0` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.1` |\n\nBumps the uv group with 6 updates in the /unstract/workflow-execution directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.12` |\n| [banks](https://github.com/masci/banks) | `2.4.1` | `2.4.2` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n\nBumps the uv group with 1 update in the /workers directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 3 updates in the /x2text-service directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [urllib3](https://github.com/urllib3/urllib3) and [idna](https://github.com/kjd/idna).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.5.0 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.5.0...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python...\n\n_Description has been truncated_","html_url":"https://github.com/SherfeyInv/unstract/pull/185","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SherfeyInv%2Funstract/issues/185","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/185/packages"}},{"old_version":"3.5.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-16T08:28:01.000Z","version_change":"3.5.0 → 5.0.0","issue":{"uuid":"4459256565","node_id":"PR_kwDORSvhlc7cLiiL","number":1,"state":"open","title":"Bump the pip group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T08:28:01.000Z","updated_at":"2026-05-16T08:28:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":11,"packages":[{"name":"fastmcp","old_version":"2.13.1","new_version":"3.2.0","repository_url":"https://github.com/PrefectHQ/fastmcp"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"simpleeval","old_version":"1.0.3","new_version":"1.0.5","repository_url":"https://github.com/danthedeckie/simpleeval"},{"name":"langchain-core","old_version":"0.3.49","new_version":"1.3.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-community","old_version":"0.3.19","new_version":"0.3.27","repository_url":"https://github.com/langchain-ai/langchain-community"},{"name":"lxml-html-clean","old_version":"0.3.1","new_version":"0.4.4","repository_url":"https://github.com/fedora-python/lxml_html_clean"},{"name":"mcp","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"paramiko","old_version":"3.5.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pypdf","old_version":"6.0.0","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"python-dotenv","old_version":"1.1.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"unstructured","old_version":"0.16.23","new_version":"0.18.18","repository_url":"https://github.com/Unstructured-IO/unstructured"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastmcp](https://github.com/PrefectHQ/fastmcp) | `2.13.1` | `3.2.0` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [simpleeval](https://github.com/danthedeckie/simpleeval) | `1.0.3` | `1.0.5` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.3.3` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.19` | `0.3.27` |\n| [lxml-html-clean](https://github.com/fedora-python/lxml_html_clean) | `0.3.1` | `0.4.4` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.22.0` | `1.23.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.5.0` | `5.0.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.0.0` | `6.10.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [unstructured](https://github.com/Unstructured-IO/unstructured) | `0.16.23` | `0.18.18` |\n\n\nUpdates `fastmcp` from 2.13.1 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases\"\u003efastmcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0: Show Don't Tool\u003c/h2\u003e\n\u003cp\u003eFastMCP 3.2 is the Apps release. The 3.0 architecture gave you providers and transforms; 3.1 shipped Code Mode for tool discovery. 3.2 puts a face on it: your tools can now return interactive UIs — charts, dashboards, forms, maps — rendered right inside the conversation.\u003c/p\u003e\n\u003ch2\u003eFastMCPApp\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eFastMCPApp\u003c/code\u003e is a new provider class for building interactive applications inside MCP. It separates the tools the LLM sees (\u003ccode\u003e@app.ui()\u003c/code\u003e) from the backend tools the UI calls (\u003ccode\u003e@app.tool()\u003c/code\u003e), manages visibility automatically, and gives tool references stable identifiers that survive namespace transforms and server composition — without requiring host cooperation.\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003efrom fastmcp import FastMCP, FastMCPApp\nfrom prefab_ui.actions.mcp import CallTool\nfrom prefab_ui.components import Column, Form, Input, Button, ForEach, Text\n\u003cp\u003eapp = FastMCPApp(\u0026quot;Contacts\u0026quot;)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.tool()\ndef save_contact(name: str, email: str) -\u0026gt; list[dict]:\ndb.append({\u0026quot;name\u0026quot;: name, \u0026quot;email\u0026quot;: email})\nreturn list(db)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/app\"\u003e\u003ccode\u003e@​app\u003c/code\u003e\u003c/a\u003e.ui()\ndef contact_manager() -\u0026gt; PrefabApp:\nwith PrefabApp(state={\u0026quot;contacts\u0026quot;: list(db)}) as view:\nwith Column(gap=4):\nForEach(\u0026quot;contacts\u0026quot;, lambda c: Text(c.name))\nwith Form(on_submit=CallTool(\u0026quot;save_contact\u0026quot;)):\nInput(name=\u0026quot;name\u0026quot;, required=True)\nInput(name=\u0026quot;email\u0026quot;, required=True)\nButton(\u0026quot;Save\u0026quot;)\nreturn view\u003c/p\u003e\n\u003cp\u003emcp = FastMCP(\u0026quot;Server\u0026quot;, providers=[app])\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe UI is built with \u003ca href=\"https://prefab.prefect.io\"\u003ePrefab\u003c/a\u003e, a Python component library that compiles to interactive UIs. You write Python; the user sees charts, tables, forms, and dashboards. FastMCP handles the MCP Apps protocol machinery — renderer resources, CSP configuration, structured content serialization — so you don't have to.\u003c/p\u003e\n\u003cp\u003eFor simpler cases where you just want to visualize data without server interaction, set \u003ccode\u003eapp=True\u003c/code\u003e on any tool and return Prefab components directly:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e@mcp.tool(app=True)\ndef revenue_chart(year: int) -\u0026gt; PrefabApp:\n    with PrefabApp() as app:\n        BarChart(data=revenue_data, series=[ChartSeries(data_key=\u0026quot;revenue\u0026quot;)])\n    return app\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBuilt-in Providers\u003c/h2\u003e\n\u003cp\u003eFive ready-made providers you add with a single \u003ccode\u003eadd_provider()\u003c/code\u003e call:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFileUpload\u003c/strong\u003e — drag-and-drop file upload with session-scoped storage\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PrefectHQ/fastmcp/blob/main/docs/changelog.mdx\"\u003efastmcp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003etitle: \u0026quot;Changelog\u0026quot;\nicon: \u0026quot;list-check\u0026quot;\nrss: true\ntag: NEW\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.1.1\"\u003ev3.1.1: 'Tis But a Patch\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePins \u003ccode\u003epydantic-monty\u003c/code\u003e below 0.0.8 to fix a breaking change in Monty that affects code mode. Monty 0.0.8 removed the \u003ccode\u003eexternal_functions\u003c/code\u003e constructor parameter, causing \u003ccode\u003eMontySandboxProvider\u003c/code\u003e to fail. This patch caps the version so existing installs work correctly.\u003c/p\u003e\n\u003ch3\u003eFixes 🐞\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePin pydantic-monty below 0.0.8 to fix code mode by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3497\"\u003e#3497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v3.1.0...v3.1.1\"\u003ev3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.1.0\"\u003ev3.1.0: Code to Joy\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eFastMCP 3.1 is the Code Mode release. The 3.0 architecture introduced providers and transforms as the extensibility layer — 3.1 puts that architecture to work, shipping the most requested capability since launch: servers that can find and execute code on behalf of agents, without requiring clients to know what tools exist.\u003c/p\u003e\n\u003ch3\u003eNew Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Search transforms for tool discovery by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3154\"\u003e#3154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd experimental CodeMode transform by \u003ca href=\"https://github.com/aaazzam\"\u003e\u003ccode\u003e@​aaazzam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3297\"\u003e#3297\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Prefab Apps integration for MCP tool UIs by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3316\"\u003e#3316\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🔧\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLazy-load heavy imports to reduce import time by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3295\"\u003e#3295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd http_client parameter to all token verifiers for connection pooling by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3300\"\u003e#3300\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd in-memory caching for token introspection results by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3298\"\u003e#3298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SessionStart hook to install gh CLI in cloud sessions by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3308\"\u003e#3308\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix ty 0.0.19 type errors by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3310\"\u003e#3310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCode Mode: Add resource limits to MontySandboxProvider by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3326\"\u003e#3326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept transforms as FastMCP init kwarg by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSplit large test files to comply with loq line limit by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd -m/--module flag to \u003ccode\u003efastmcp run\u003c/code\u003e and \u003ccode\u003edev inspector\u003c/code\u003e by \u003ca href=\"https://github.com/dgenio\"\u003e\u003ccode\u003e@​dgenio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3331\"\u003e#3331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd search_result_serializer hook and serialize_tools_for_output_markdown by \u003ca href=\"https://github.com/MagnusS0\"\u003e\u003ccode\u003e@​MagnusS0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3337\"\u003e#3337\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd MultiAuth for composing multiple token verification sources by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3335\"\u003e#3335\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds PropelAuth as an AuthProvider by \u003ca href=\"https://github.com/andrew-propelauth\"\u003e\u003ccode\u003e@​andrew-propelauth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3358\"\u003e#3358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace vendored DI with uncalled-for by \u003ca href=\"https://github.com/chrisguidry\"\u003e\u003ccode\u003e@​chrisguidry\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3301\"\u003e#3301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDecompose CodeMode into composable discovery tools by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3354\"\u003e#3354\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(contrib): auto-sync MCPMixin decorators with from_function signatures by \u003ca href=\"https://github.com/AnkeshThakur\"\u003e\u003ccode\u003e@​AnkeshThakur\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3323\"\u003e#3323\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Google GenAI Sampling Handler by \u003ca href=\"https://github.com/strawgate\"\u003e\u003ccode\u003e@​strawgate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/2977\"\u003e#2977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ListTools, search limit, and catalog size annotation to CodeMode by \u003ca href=\"https://github.com/jlowin\"\u003e\u003ccode\u003e@​jlowin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3359\"\u003e#3359\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow configuring FastMCP transport setting in the same way as other configuration by \u003ca href=\"https://github.com/jvdmr\"\u003e\u003ccode\u003e@​jvdmr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/1796\"\u003e#1796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd include_unversioned option to VersionFilter by \u003ca href=\"https://github.com/yangbaechu\"\u003e\u003ccode\u003e@​yangbaechu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/pull/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/665514e19a78543709be85b4261153bbe98e882f\"\u003e\u003ccode\u003e665514e\u003c/code\u003e\u003c/a\u003e Add forward_resource flag to OAuthProxy (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3711\"\u003e#3711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f189d1f7fbfd55c9f68c750a3a293e31c7586e8b\"\u003e\u003ccode\u003ef189d1f\u003c/code\u003e\u003c/a\u003e Bump pydantic-monty to 0.0.9 (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3707\"\u003e#3707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/6faa2d61f82eab670694965606fd7b14bedddc7f\"\u003e\u003ccode\u003e6faa2d6\u003c/code\u003e\u003c/a\u003e Remove hardcoded prefab-ui version from pinning warnings (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3708\"\u003e#3708\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/dd8816c6ccc733048fe6208bfc8f80ded505f993\"\u003e\u003ccode\u003edd8816c\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3701\"\u003e#3701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/d27495960af23969f11d6e1e44e2018529c1c37e\"\u003e\u003ccode\u003ed274959\u003c/code\u003e\u003c/a\u003e docs: note that custom routes are unauthenticated (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3706\"\u003e#3706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/4a54be2d5f1ac8925a461e67cf993e0278729d4d\"\u003e\u003ccode\u003e4a54be2\u003c/code\u003e\u003c/a\u003e Add examples gallery page (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3705\"\u003e#3705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/961dd5045611e9c1bd6b7c4f5ac3aa14f0a30ce7\"\u003e\u003ccode\u003e961dd50\u003c/code\u003e\u003c/a\u003e Add interactive map example with geocoding (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3702\"\u003e#3702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/f01d0c581c7a821a9701d6dde4d9beb95e32d479\"\u003e\u003ccode\u003ef01d0c5\u003c/code\u003e\u003c/a\u003e Add quiz example app, fix dev server empty string args (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3700\"\u003e#3700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/85b7efd74601a72c74ac68e23599de6c032bb9c4\"\u003e\u003ccode\u003e85b7efd\u003c/code\u003e\u003c/a\u003e chore: Update SDK documentation (\u003ca href=\"https://redirect.github.com/PrefectHQ/fastmcp/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PrefectHQ/fastmcp/commit/27abe3c3f0cc2ce1925cc3cbc7968d5637ebc82b\"\u003e\u003ccode\u003e27abe3c\u003c/code\u003e\u003c/a\u003e Add sales dashboard and live system monitor examples, bump prefab-ui to 0.17 ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PrefectHQ/fastmcp/compare/v2.13.1...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simpleeval` from 1.0.3 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/danthedeckie/simpleeval/releases\"\u003esimpleeval's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.0.5\u003c/h2\u003e\n\u003cp\u003eFixes Security issues with \u0026quot;dangerous\u0026quot; modules \u0026amp; functions leaking through as attributes of other names, see:\u003c/p\u003e\n\u003cp\u003eFixes CVE-2026-32640\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg\"\u003ehttps://github.com/danthedeckie/simpleeval/security/advisories/GHSA-44vg-5wv2-h2hg\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eBreaking Change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eModules \u0026amp; Submodules now are not directly usable as names or as attributes of other items, if you still need this functionality, then use the new \u003ccode\u003eModuleWrapper\u003c/code\u003e, or subclass SimpleEval to bypass it.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/a4659fad8f3fb855acaf7667b2a48ff9f5576b5d\"\u003e\u003ccode\u003ea4659fa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/danthedeckie/simpleeval/issues/171\"\u003e#171\u003c/a\u003e from danthedeckie/remove-module-access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/7c9180c52d1fcfea468ae42cf9495d8f055a2940\"\u003e\u003ccode\u003e7c9180c\u003c/code\u003e\u003c/a\u003e version number bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/cffa9f68cee54404a2ef43d949a8ae8a3311c503\"\u003e\u003ccode\u003ecffa9f6\u003c/code\u003e\u003c/a\u003e Much stricter lockdown via _check_disallowed_items plus adding ModuleWrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/4e7f4b81e6d32fd2c24dd5cfa2977d725e11162d\"\u003e\u003ccode\u003e4e7f4b8\u003c/code\u003e\u003c/a\u003e Add ByamB4 to contributors list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/1654cbf0219345f707c79664b8657be6b8d23e33\"\u003e\u003ccode\u003e1654cbf\u003c/code\u003e\u003c/a\u003e Disallow module access \u0026amp; disallowed function access via attributes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/9cb4a7b99498c173263bd90f77bc185e160fb6b8\"\u003e\u003ccode\u003e9cb4a7b\u003c/code\u003e\u003c/a\u003e Add a few additional DISALLOW_FUNCTIONS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/0425898b23abb3f1a9ed56dbb0bb4244d6350f2f\"\u003e\u003ccode\u003e0425898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/danthedeckie/simpleeval/issues/169\"\u003e#169\u003c/a\u003e from danthedeckie/update-readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/618bcf4b2cb322aefc76735bf091739c8148a19e\"\u003e\u003ccode\u003e618bcf4\u003c/code\u003e\u003c/a\u003e update build tools / config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/88289434c3f88df4646ce37fc67a3ef9158917d6\"\u003e\u003ccode\u003e8828943\u003c/code\u003e\u003c/a\u003e bump version, and update copyright year\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/danthedeckie/simpleeval/commit/97570fe4659bbafdf49d9407dc4423f3c7f0f235\"\u003e\u003ccode\u003e97570fe\u003c/code\u003e\u003c/a\u003e lint string joining fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/danthedeckie/simpleeval/compare/1.0.3...1.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.49 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.49...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-community` from 0.3.19 to 0.3.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-community/releases\"\u003elangchain-community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elibs/community/v0.3.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ecommunity[patch]: verify ssl by default in RecursiveUrlLoader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/136\"\u003elangchain-ai/langchain-community#136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Change JSON loader to be able to handle UTF-8-BOM files by \u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWriteFileTool should create not existent parent dirs in file_path by \u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:zap: fix: update OpenAI model cost values for accuracy by \u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: Prevent XXE in evernote loader by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/139\"\u003elangchain-ai/langchain-community#139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease 0.3.27 by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/143\"\u003elangchain-ai/langchain-community#143\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/witlat\"\u003e\u003ccode\u003e@​witlat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/138\"\u003elangchain-ai/langchain-community#138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vria\"\u003e\u003ccode\u003e@​vria\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/132\"\u003elangchain-ai/langchain-community#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdahar\"\u003e\u003ccode\u003e@​tdahar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/142\"\u003elangchain-ai/langchain-community#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.26...libs/community/v0.3.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[USearch]: Intializations of ids in case self.ids is None by \u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: drop langsmith upper bound and release 0.3.26 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/127\"\u003elangchain-ai/langchain-community#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/keenborder786\"\u003e\u003ccode\u003e@​keenborder786\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/99\"\u003elangchain-ai/langchain-community#99\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\"\u003ehttps://github.com/langchain-ai/langchain-community/compare/libs/community/v0.3.25...libs/community/v0.3.26\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003elibs/community/v0.3.25\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: replace invalid scenexplain algorithm by \u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003einfra: specify pyopenssl in extended test deps by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/80\"\u003elangchain-ai/langchain-community#80\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: deprecate Tavily tools in favor of langchain-tavily implementation by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/79\"\u003elangchain-ai/langchain-community#79\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecating hugging face implementation in langchain_community by \u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003evectorstores[azure_search]: fix regression in 0.3.24  by \u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: Add cost data for aws bedrock claude 4 series models by \u003ca href=\"https://github.com/AsifMehmood97\"\u003e\u003ccode\u003e@​AsifMehmood97\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/83\"\u003elangchain-ai/langchain-community#83\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove no-untyped-def escapes by \u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add search endpoint for Firecrawl Integration by \u003ca href=\"https://github.com/ftonato\"\u003e\u003ccode\u003e@​ftonato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/87\"\u003elangchain-ai/langchain-community#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity[patch]: ssl verification should be enabled by default everywhere by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/75\"\u003elangchain-ai/langchain-community#75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle image of size 0 bytes in PyPDFParser by \u003ca href=\"https://github.com/soucosmo\"\u003e\u003ccode\u003e@​soucosmo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/84\"\u003elangchain-ai/langchain-community#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add depandabot config by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/90\"\u003elangchain-ai/langchain-community#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHarden Azure ML url validation by \u003ca href=\"https://github.com/tonybaloney\"\u003e\u003ccode\u003e@​tonybaloney\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/88\"\u003elangchain-ai/langchain-community#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update readme by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/95\"\u003elangchain-ai/langchain-community#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epatch: sanitize file extension in HuggingFaceTextToSpeechModelInference by \u003ca href=\"https://github.com/eyurtsev\"\u003e\u003ccode\u003e@​eyurtsev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/101\"\u003elangchain-ai/langchain-community#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: telegram multiformat by \u003ca href=\"https://github.com/jerryyf\"\u003e\u003ccode\u003e@​jerryyf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/89\"\u003elangchain-ai/langchain-community#89\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecommunity: release 0.3.25 by \u003ca href=\"https://github.com/ccurme\"\u003e\u003ccode\u003e@​ccurme\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/86\"\u003elangchain-ai/langchain-community#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaelLi65535\"\u003e\u003ccode\u003e@​MichaelLi65535\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/59\"\u003elangchain-ai/langchain-community#59\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CtrlMj\"\u003e\u003ccode\u003e@​CtrlMj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/73\"\u003elangchain-ai/langchain-community#73\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcgibbons\"\u003e\u003ccode\u003e@​marcgibbons\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/77\"\u003elangchain-ai/langchain-community#77\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cbornet\"\u003e\u003ccode\u003e@​cbornet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-community/pull/17\"\u003elangchain-ai/langchain-community#17\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchain-community/commits/libs/community/v0.3.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml-html-clean` from 0.3.1 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/blob/main/CHANGES.rst\"\u003elxml-html-clean's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.4.4 (2026-02-26)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where Unicode escapes in CSS were not properly decoded\nbefore security checks. This prevents attackers from bypassing filters\nusing escape sequences. (CVE-2026-28348)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tags could be used for URL\nhijacking attacks. The \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e tag is now automatically removed\nwhenever the \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e tag is removed (via \u003ccode\u003epage_structure=True\u003c/code\u003e\nor manual configuration), as \u003ccode\u003e\u0026lt;base\u0026gt;\u003c/code\u003e must be inside \u003ccode\u003e\u0026lt;head\u0026gt;\u003c/code\u003e\naccording to HTML specifications. (CVE-2026-28350)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.3 (2025-10-02)\u003c/h1\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTests updated to work correctly with new lxml and libxml2 releases.\u003c/li\u003e\n\u003cli\u003ePython 3.6 and 3.7 are no longer tested.\u003c/li\u003e\n\u003cli\u003eImproved documentation about CSS removal behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.2 (2025-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elxml_html_clean\u003c/code\u003e now correctly handles HTML input as bytes\nas it did before the 0.2.0 release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.1 (2024-11-15)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved superfluous debug prints.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.4.0 (2024-11-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eCleaner()\u003c/code\u003e now scans for hidden JavaScript code embedded\nwithin CSS comments. In certain contexts, such as within \u003ccode\u003e\u0026lt;svg\u0026gt;\u003c/code\u003e or \u003ccode\u003e\u0026lt;math\u0026gt;\u003c/code\u003e tags,\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fd10d79cf8a4d4a962e139aee6d02dec02b2de7c\"\u003e\u003ccode\u003efd10d79\u003c/code\u003e\u003c/a\u003e Add more tests for different combinations of backslashes and unicode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/5b7e2288d9e5bda81d1fcf6a4feaed362534899e\"\u003e\u003ccode\u003e5b7e228\u003c/code\u003e\u003c/a\u003e Restore the removal of all backslashes from styles after decoding of unicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/88da8f9e679190ae06f1238106dd9fbd1d87bfbb\"\u003e\u003ccode\u003e88da8f9\u003c/code\u003e\u003c/a\u003e Prepare release 0.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34\"\u003e\u003ccode\u003e9c5612c\u003c/code\u003e\u003c/a\u003e Remove \u0026lt;base\u0026gt; tags to prevent URL hijacking attacks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b\"\u003e\u003ccode\u003e2ef7326\u003c/code\u003e\u003c/a\u003e Implement unicode escape decoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/7c854afd949ff82cc6e81a666962e07b739706cf\"\u003e\u003ccode\u003e7c854af\u003c/code\u003e\u003c/a\u003e Add missing Python 3.14 to classifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/80cebf7156449bd48d2d6106a70c7442874fa1f9\"\u003e\u003ccode\u003e80cebf7\u003c/code\u003e\u003c/a\u003e Continue using the package link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/1cef82e0647549b901452f45396ded8e6b2bceab\"\u003e\u003ccode\u003e1cef82e\u003c/code\u003e\u003c/a\u003e Update safe sanitizer recommendation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/79f35f4b7542bf87286b45764a7b0bdf6830bb36\"\u003e\u003ccode\u003e79f35f4\u003c/code\u003e\u003c/a\u003e CI: Drop Python 3.8, add 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fedora-python/lxml_html_clean/commit/fab1dd4a23cbad1cdd4f2cebd2d6cae1130565bd\"\u003e\u003ccode\u003efab1dd4\u003c/code\u003e\u003c/a\u003e Release 0.4.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fedora-python/lxml_html_clean/compare/0.3.1...0.4.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.5.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.0.0 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/cod...\n\n_Description has been truncated_","html_url":"https://github.com/adrianwedd/agent-zero/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/adrianwedd%2Fagent-zero/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-13T07:26:16.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4435808055","node_id":"PR_kwDOPH0zDM7bAf0s","number":44,"state":"open","title":"chore(deps): bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":6,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-13T07:26:16.000Z","updated_at":"2026-05-13T07:27:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/imShakil/pacli/pull/44","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/imShakil%2Fpacli/issues/44","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/44/packages"}},{"old_version":"\u003e=4.0","new_version":"\u003e=5.0.0","update_type":null,"path":null,"pr_created_at":"2026-05-12T04:49:12.000Z","version_change":"\u003e=4.0 → \u003e=5.0.0","issue":{"uuid":"4426287980","node_id":"PR_kwDORUQzts7ahpIl","number":77,"state":"open","title":"chore(deps): update paramiko requirement from \u003e=4.0 to \u003e=5.0.0","user":"dependabot[bot]","labels":["security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T04:49:12.000Z","updated_at":"2026-05-12T04:49:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"paramiko","old_version":"\u003e=4.0","new_version":"\u003e=5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Updates the requirements on [paramiko](https://github.com/paramiko/paramiko) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ToastyToast25/sims4-updater/pull/77","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ToastyToast25%2Fsims4-updater/issues/77","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/77/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-12T01:27:21.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4425477399","node_id":"PR_kwDOLUZHI87afD1j","number":474,"state":"open","title":"Bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["python","dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T01:27:21.000Z","updated_at":"2026-05-12T01:28:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/edwardtheharris/dotfiles/pull/474","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/edwardtheharris%2Fdotfiles/issues/474","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/474/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-12T00:12:01.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4425200543","node_id":"PR_kwDODfw7tM7aeK-n","number":6076,"state":"open","title":"build(deps): bump the uv group across 6 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","authorized","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-12T00:12:01.000Z","updated_at":"2026-06-14T19:34:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":6,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"pip","old_version":"26.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the uv group with 1 update in the /docker/base/v1 directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 1 update in the /docker/base/v2 directory: [urllib3](https://github.com/urllib3/urllib3).\nBumps the uv group with 4 updates in the /docker/pytorch/cpu directory: [urllib3](https://github.com/urllib3/urllib3), [paramiko](https://github.com/paramiko/paramiko), [pip](https://github.com/pypa/pip) and [python-multipart](https://github.com/Kludex/python-multipart).\nBumps the uv group with 5 updates in the /docker/pytorch/cuda directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `4.0.0` | `5.0.0` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.27` |\n\nBumps the uv group with 1 update in the /docker/ray directory: [pip](https://github.com/pypa/pip).\nBumps the uv group with 4 updates in the /docker/xgboost directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [paramiko](https://github.com/paramiko/paramiko) and [protobuf](https://github.com/protocolbuffers/protobuf).\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6d1d6892a6b01b25da6f3e7b097e8e06c57fb250\"\u003e\u003ccode\u003e6d1d689\u003c/code\u003e\u003c/a\u003e Version 0.0.27 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/272\"\u003e#272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0b10220b1555af068a2bc8b198022b1ae238200f\"\u003e\u003ccode\u003e0b10220\u003c/code\u003e\u003c/a\u003e Run CI on main branch pull requests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/271\"\u003e#271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911\"\u003e\u003ccode\u003e3e64f5f\u003c/code\u003e\u003c/a\u003e Add multipart header limits (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/eb109cc4eb8174f2a7efc1ba894b1bf6425c0b14\"\u003e\u003ccode\u003eeb109cc\u003c/code\u003e\u003c/a\u003e Pass parse offsets via constructors (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/78e29abb9a339598975beee093a770ec3033f76d\"\u003e\u003ccode\u003e78e29ab\u003c/code\u003e\u003c/a\u003e Bump pytest from 9.0.2 to 9.0.3 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/266\"\u003e#266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b2ddd0982bdf0fe852e4f3baa12122d2827af46c\"\u003e\u003ccode\u003eb2ddd09\u003c/code\u003e\u003c/a\u003e fuzz: Enhance fuzzing capabilities with new chunked and boundary tests (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/264\"\u003e#264\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f2...\n\n_Description has been truncated_","html_url":"https://github.com/aws/deep-learning-containers/pull/6076","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws%2Fdeep-learning-containers/issues/6076","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6076/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-11T22:53:10.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4424853266","node_id":"PR_kwDOAjzavs7adCSF","number":5450,"state":"open","title":"Build(deps): Bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T22:53:10.000Z","updated_at":"2026-05-11T23:00:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Netflix/lemur/pull/5450","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Netflix%2Flemur/issues/5450","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5450/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":"/docker/tidy","pr_created_at":"2026-05-11T22:08:20.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4424633934","node_id":"PR_kwDOCZ34ec7acVt1","number":44362,"state":"closed","title":"Bump paramiko from 4.0.0 to 5.0.0 in /docker/tidy","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-13T05:12:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T22:08:20.000Z","updated_at":"2026-05-13T05:12:48.000Z","time_to_close":111866,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/docker/tidy","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/demisto/dockerfiles/pull/44362","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/demisto%2Fdockerfiles/issues/44362","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/44362/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-11T18:43:36.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4423382488","node_id":"PR_kwDORWyoVM7aYO48","number":47,"state":"closed","title":"Bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-21T08:11:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T18:43:36.000Z","updated_at":"2026-05-21T08:11:28.000Z","time_to_close":826062,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":2,"packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the /gitlab directory: [paramiko](https://github.com/paramiko/paramiko) and [urllib3](https://github.com/urllib3/urllib3).\n\nUpdates `paramiko` from 4.0.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.6.3 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.6.3...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pamosima/netops-stack/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pamosima/netops-stack/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pamosima%2Fnetops-stack/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"4.0.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-10T18:34:32.000Z","version_change":"4.0.0 → 5.0.0","issue":{"uuid":"4416469988","node_id":"PR_kwDOSGfDCM7aB_0h","number":120,"state":"open","title":"chore(deps): bump paramiko from 4.0.0 to 5.0.0","user":"dependabot[bot]","labels":["Review effort 1/5"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T18:34:32.000Z","updated_at":"2026-05-10T18:36:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"paramiko","old_version":"4.0.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"### **User description**\nBumps [paramiko](https://github.com/paramiko/paramiko) from 4.0.0 to 5.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/4.0.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=4.0.0\u0026new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\n___\n\n### **PR Type**\nOther\n\n\n___\n\n### **Description**\n- paramiko 4.0.0에서 5.0.0으로 메이저 버전 업데이트\n\n- `collector/requirements.txt` 프로덕션 의존성 버전 변경\n\n\n___\n\n\n\n\u003cdetails\u003e \u003csummary\u003e\u003ch3\u003e File Walkthrough\u003c/h3\u003e\u003c/summary\u003e\n\n\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003e\u003c/th\u003e\u003cth align=\"left\"\u003eRelevant files\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eDependencies\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003ctable\u003e\n\u003ctr\u003e\n  \u003ctd\u003e\n    \u003cdetails\u003e\n      \u003csummary\u003e\u003cstrong\u003erequirements.txt\u003c/strong\u003e\u003cdd\u003e\u003ccode\u003eparamiko 의존성 메이저 버전 5.0.0으로 업데이트\u003c/code\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/dd\u003e\u003c/summary\u003e\n\u003chr\u003e\n\ncollector/requirements.txt\n\n\u003cul\u003e\u003cli\u003eFortiGate SSH 연결용 paramiko 라이브러리 버전을 4.0.0에서 5.0.0으로 상향 조정\u003cbr\u003e \u003cli\u003e 프로덕션 의존성의 메이저 버전 업그레이드 반영\u003c/ul\u003e\n\n\n\u003c/details\u003e\n\n\n  \u003c/td\u003e\n  \u003ctd\u003e\u003ca href=\"https://github.com/jclee941/blacklist/pull/120/files#diff-b5b1d8398b9269ce1fc6b75ffaeca45070b31ff0f8b6424f77a34f3e37d6b7a6\"\u003e+1/-1\u003c/a\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/td\u003e\n\n\u003c/tr\u003e\n\u003c/table\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003c/details\u003e\n\n___\n\n","html_url":"https://github.com/jclee941/blacklist/pull/120","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jclee941%2Fblacklist/issues/120","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/120/packages"}},{"old_version":"3.4.0","new_version":"5.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-10T01:43:36.000Z","version_change":"3.4.0 → 5.0.0","issue":{"uuid":"4414336626","node_id":"PR_kwDOSZGdxc7Z7rEM","number":11,"state":"closed","title":"build(deps): bump the pip group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-10T20:08:58.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-10T01:43:36.000Z","updated_at":"2026-05-10T20:09:07.000Z","time_to_close":66322,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":7,"packages":[{"name":"pytest","old_version":"7.4.3","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"pymysql","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/PyMySQL/PyMySQL"},{"name":"python-dotenv","old_version":"1.0.0","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"pillow","old_version":"10.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"paramiko","old_version":"3.4.0","new_version":"5.0.0","repository_url":"https://github.com/paramiko/paramiko"},{"name":"scikit-learn","old_version":"1.4.0","new_version":"1.5.0","repository_url":"https://github.com/scikit-learn/scikit-learn"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 7 updates in the /04-配置文件 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.4.3` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [pymysql](https://github.com/PyMySQL/PyMySQL) | `1.1.0` | `1.1.1` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.0` | `1.2.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `10.1.0` | `12.2.0` |\n| [paramiko](https://github.com/paramiko/paramiko) | `3.4.0` | `5.0.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.4.0` | `1.5.0` |\n\n\nUpdates `pytest` from 7.4.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.4.3...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymysql` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/releases\"\u003epymysql's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis release fixes a vulnerability (CVE-2024-36039).\nAll users are recommended to update to this version.\u003c/p\u003e\n\u003cp\u003eIf you can not update soon, check the input value from untrusted source has an expected type.\nOnly dict input from untrusted source can be an attack vector.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit dict parameter for \u003ccode\u003eCursor.execute()\u003c/code\u003e. It didn't produce valid SQL\nand might cause SQL injection. (CVE-2024-36039)\u003c/li\u003e\n\u003cli\u003eAdded ssl_key_password param by \u003ca href=\"https://github.com/svaskov\"\u003e\u003ccode\u003e@​svaskov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1145\"\u003ePyMySQL/PyMySQL#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMerged PRs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Python 3.12 by \u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1134\"\u003ePyMySQL/PyMySQL#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1136\"\u003ePyMySQL/PyMySQL#1136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate codecov/codecov-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1137\"\u003ePyMySQL/PyMySQL#1137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use codecov@v3 by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1142\"\u003ePyMySQL/PyMySQL#1142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dessant/lock-threads action to v5 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1141\"\u003ePyMySQL/PyMySQL#1141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: use rtd theme by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1143\"\u003ePyMySQL/PyMySQL#1143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003euse Ruff as formatter by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1144\"\u003ePyMySQL/PyMySQL#1144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency sphinx-rtd-theme to v2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1147\"\u003ePyMySQL/PyMySQL#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-python action to v5 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1152\"\u003ePyMySQL/PyMySQL#1152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1154\"\u003ePyMySQL/PyMySQL#1154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update codecov/codecov-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1158\"\u003ePyMySQL/PyMySQL#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport error packet without sqlstate by \u003ca href=\"https://github.com/methane\"\u003e\u003ccode\u003e@​methane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1160\"\u003ePyMySQL/PyMySQL#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest json - mariadb without JSON type by \u003ca href=\"https://github.com/grooverdan\"\u003e\u003ccode\u003e@​grooverdan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1165\"\u003ePyMySQL/PyMySQL#1165\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1134\"\u003ePyMySQL/PyMySQL#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/svaskov\"\u003e\u003ccode\u003e@​svaskov\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/pull/1145\"\u003ePyMySQL/PyMySQL#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md\"\u003epymysql's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003cp\u003eRelease date: 2024-05-21\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis release fixes a vulnerability (CVE-2024-36039).\nAll users are recommended to update to this version.\u003c/p\u003e\n\u003cp\u003eIf you can not update soon, check the input value from\nuntrusted source has an expected type. Only dict input\nfrom untrusted source can be an attack vector.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eProhibit dict parameter for \u003ccode\u003eCursor.execute()\u003c/code\u003e. It didn't produce valid SQL\nand might cause SQL injection. (CVE-2024-36039)\u003c/li\u003e\n\u003cli\u003eAdded ssl_key_password param. \u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1145\"\u003e#1145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/2cab9ecc641e962565c6254a5091f90c47f59b35\"\u003e\u003ccode\u003e2cab9ec\u003c/code\u003e\u003c/a\u003e v1.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c\"\u003e\u003ccode\u003e521e400\u003c/code\u003e\u003c/a\u003e forbid dict parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/7f032a699d55340f05101deb4d7d4f63db4adc11\"\u003e\u003ccode\u003e7f032a6\u003c/code\u003e\u003c/a\u003e remove coveralls from requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/69f6c7439bee14784e0ea70ae107af6446cc0c67\"\u003e\u003ccode\u003e69f6c74\u003c/code\u003e\u003c/a\u003e ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/b4ed6884a1105df0a27f948f52b3e81d5585634f\"\u003e\u003ccode\u003eb4ed688\u003c/code\u003e\u003c/a\u003e test json - mariadb without JSON type (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1165\"\u003e#1165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/bbd049f40db9c696574ce6f31669880042c56d79\"\u003e\u003ccode\u003ebbd049f\u003c/code\u003e\u003c/a\u003e Support error packet without sqlstate (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1160\"\u003e#1160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/9694747ae619e88b792a8e0b4c08036572452584\"\u003e\u003ccode\u003e9694747\u003c/code\u003e\u003c/a\u003e pyupgrade\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/1f0b7856de4008e7e4c1e8c1b215d5d4dfaecd1a\"\u003e\u003ccode\u003e1f0b785\u003c/code\u003e\u003c/a\u003e chore(deps): update codecov/codecov-action action to v4 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1158\"\u003e#1158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/1e28be81c24dde66f8acbf4c5e24f60d6b5e72e7\"\u003e\u003ccode\u003e1e28be8\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v3 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyMySQL/PyMySQL/commit/f13f054abcc18b39855a760a84be0a517f0da658\"\u003e\u003ccode\u003ef13f054\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-python action to v5 (\u003ca href=\"https://redirect.github.com/PyMySQL/PyMySQL/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pillow` from 10.1.0 to 12.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003epillow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e12.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\"\u003ehttps://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 12.2.0 release notes \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9482\"\u003e#9482\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Python versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9515\"\u003e#9515\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eJeffrey A. Clark -\u0026gt; Jeffrey 'Alex' Clark \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9513\"\u003e#9513\u003c/a\u003e [\u003ca href=\"https://github.com/aclark4life\"\u003e\u003ccode\u003e@​aclark4life\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd release notes for \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9394\"\u003e#9394\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9419\"\u003e#9419\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9456\"\u003e#9456\u003c/a\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9467\"\u003e#9467\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd Amiga Workbench .info loader to 3rd party plugins list \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9459\"\u003e#9459\u003c/a\u003e [\u003ca href=\"https://github.com/bitplane\"\u003e\u003ccode\u003e@​bitplane\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMerge PFM documentation into PPM \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9434\"\u003e#9434\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eFix CVE number \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9430\"\u003e#9430\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate xz to 5.8.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9523\"\u003e#9523\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libjpeg-turbo to 3.1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9507\"\u003e#9507\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libpng to 1.6.56 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9499\"\u003e#9499\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.3 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9485\"\u003e#9485\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libavif to 1.4.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9479\"\u003e#9479\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated harfbuzz to 13.2.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9461\"\u003e#9461\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate harfbuzz to 13.0.1 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9453\"\u003e#9453\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate libavif to 1.4.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9460\"\u003e#9460\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate freetype to 2.14.2 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9449\"\u003e#9449\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate actions/download-artifact action to v8 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9451\"\u003e#9451\u003c/a\u003e [@\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdated libpng to 1.6.55 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9425\"\u003e#9425\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTesting\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCleanup .spider extension in the same test where it is added \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9517\"\u003e#9517\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eRun tests in parallel via tox for 3.5x speedup \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9516\"\u003e#9516\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eEnable colour in CI logs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9486\"\u003e#9486\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate Ghostscript to 10.7.0 \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9469\"\u003e#9469\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSimplify TGA test code \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9477\"\u003e#9477\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate tests to check for ValueError when encoding an empty image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9464\"\u003e#9464\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpgrade CI from \u003ccode\u003emacos-15-intel\u003c/code\u003e to \u003ccode\u003emacos-26-intel\u003c/code\u003e \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9454\"\u003e#9454\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eAdd check-case-conflict hook \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9446\"\u003e#9446\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eSpecify platform when pulling docker image \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9440\"\u003e#9440\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eGHA: Cache libavif and webp builds for Ubuntu \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9437\"\u003e#9437\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eUpdate macOS tested Pillow versions \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9431\"\u003e#9431\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck calloc return value \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eCheck all allocs in the Arrow tree \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e [\u003ca href=\"https://github.com/wiredfool\"\u003e\u003ccode\u003e@​wiredfool\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eReject non-numeric elements inside list coords \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e [\u003ca href=\"https://github.com/hugovk\"\u003e\u003ccode\u003e@​hugovk\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003cli\u003eMove variable declaration inside define \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e [\u003ca href=\"https://github.com/radarhere\"\u003e\u003ccode\u003e@​radarhere\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst\"\u003epillow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog (Pillow)\u003c/h1\u003e\n\u003ch2\u003e11.1.0 and newer\u003c/h2\u003e\n\u003cp\u003eSee GitHub Releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/releases\"\u003ehttps://github.com/python-pillow/Pillow/releases\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e11.0.0 (2024-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate licence to MIT-CMU \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8460\"\u003e#8460\u003c/a\u003e\n[hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eConditionally define ImageCms type hint to avoid requiring core \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8197\"\u003e#8197\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport writing LONG8 offsets in AppendingTiffWriter \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8417\"\u003e#8417\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImageFile.MAXBLOCK when saving TIFF images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8461\"\u003e#8461\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDo not close provided file handles with libtiff when saving \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8458\"\u003e#8458\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport ImageFilter.BuiltinFilter for I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8438\"\u003e#8438\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse ImagingCore.ptr instead of ImagingCore.id \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8341\"\u003e#8341\u003c/a\u003e\n[homm, radarhere, hugovk]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated EPS mode when opening images without transparency \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8281\"\u003e#8281\u003c/a\u003e\n[Yay295, radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUse transparency when combining P frames from APNGs \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8443\"\u003e#8443\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport all resampling filters when resizing I;16* images \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8422\"\u003e#8422\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFree memory on early return \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8413\"\u003e#8413\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCast int before potentially exceeding INT_MAX \u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/8402\"\u003e#8402\u003c/a\u003e\n[radarhere]\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f\"\u003e\u003ccode\u003e3c41c09\u003c/code\u003e\u003c/a\u003e 12.2.0 version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460\"\u003e\u003ccode\u003ecdaa29e\u003c/code\u003e\u003c/a\u003e Check calloc return value (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9527\"\u003e#9527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be\"\u003e\u003ccode\u003e585b2f5\u003c/code\u003e\u003c/a\u003e Check calloc return value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1\"\u003e\u003ccode\u003eecf011e\u003c/code\u003e\u003c/a\u003e Check all allocs in the Arrow tree (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9488\"\u003e#9488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670\"\u003e\u003ccode\u003ecf6de8c\u003c/code\u003e\u003c/a\u003e Reject non-numeric elements inside list coords (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9526\"\u003e#9526\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64\"\u003e\u003ccode\u003effdcede\u003c/code\u003e\u003c/a\u003e Update 12.2.0 release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9522\"\u003e#9522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c\"\u003e\u003ccode\u003e7929d77\u003c/code\u003e\u003c/a\u003e Added security release notes (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c\"\u003e\u003ccode\u003ec4f7aa5\u003c/code\u003e\u003c/a\u003e Added security release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f\"\u003e\u003ccode\u003e22cdb5f\u003c/code\u003e\u003c/a\u003e Move variable declaration inside define (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9525\"\u003e#9525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057\"\u003e\u003ccode\u003efc15b3b\u003c/code\u003e\u003c/a\u003e Resize tall images vertically first (\u003ca href=\"https://redirect.github.com/python-pillow/Pillow/issues/9524\"\u003e#9524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-pillow/Pillow/compare/10.1.0...12.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `paramiko` from 3.4.0 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/710cc5c02e2ded370d8d24e261e2baa8317a20fa\"\u003e\u003ccode\u003e710cc5c\u003c/code\u003e\u003c/a\u003e What's a few weeks between friends?\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/ea93c5951ce1e1442be18c718c2dcc4fd8da7519\"\u003e\u003ccode\u003eea93c59\u003c/code\u003e\u003c/a\u003e Fix up Ed25519Key so it has non-erroring repr() during fatal errors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/5b90ef9fbc774658879223e012235914d65c657b\"\u003e\u003ccode\u003e5b90ef9\u003c/code\u003e\u003c/a\u003e ruff/isort\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/f3864b69346c853be6709f9b3f5f6a71c61e2e1a\"\u003e\u003ccode\u003ef3864b6\u003c/code\u003e\u003c/a\u003e Changelog fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/acd4bc1dee5a594a3534b6d76f7dfc6ebd55f71b\"\u003e\u003ccode\u003eacd4bc1\u003c/code\u003e\u003c/a\u003e Replace hardcoded PEM format in PKey.write* with new parameter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/6fa15569100fc222af4153f763d19620d64d9e4f\"\u003e\u003ccode\u003e6fa1556\u003c/code\u003e\u003c/a\u003e Bump group-exchange kex min_bits to 2048\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/eb87ad3b241c08994a032c539ea8e1c51d544cea\"\u003e\u003ccode\u003eeb87ad3\u003c/code\u003e\u003c/a\u003e Fix some tests that were incorrectly passing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/1ecc933b34510525aee8cad9956c3b8e642783ec\"\u003e\u003ccode\u003e1ecc933\u003c/code\u003e\u003c/a\u003e Remove GSSAPI support :(\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/9bf5fcae57e6ca995275037eea9d6305f70d7cdb\"\u003e\u003ccode\u003e9bf5fca\u003c/code\u003e\u003c/a\u003e Remove SHA1-based (non-GSS) kex methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/b8f75c7cd19d5c26220737c66498e5066af239b7\"\u003e\u003ccode\u003eb8f75c7\u003c/code\u003e\u003c/a\u003e Lintin' ain't easy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.4.0...5.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.4.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.5.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.5.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.5.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.5.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.2\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.2 release.\u003c/p\u003e\n\u003cp\u003eThis release only includes support for numpy 2.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eScikit-learn 1.4.1.post1\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.4.1.post1 release.\u003c/p\u003e\n\u003cp\u003eYou can see the changelog here: \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.9 to 3.12.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b51d0c9648241d1fd53dc9151689f62a61633a3d\"\u003e\u003ccode\u003eb51d0c9\u003c/code\u003e\u003c/a\u003e trigger whell builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/919ae9bf72554a180baa3d8f4537b49c730b7580\"\u003e\u003ccode\u003e919ae9b\u003c/code\u003e\u003c/a\u003e MAINT Reoder what's new for 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29039\"\u003e#29039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/0ac28ade871ca71a89a71c834a7b47829b075829\"\u003e\u003ccode\u003e0ac28ad\u003c/code\u003e\u003c/a\u003e DOC Release highlights 1.5 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29007\"\u003e#29007\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/729b54d5af208432f788ae7945842f0cf597bd36\"\u003e\u003ccode\u003e729b54d\u003c/code\u003e\u003c/a\u003e test py3.12 against numpy 2 [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/1e50434f18275bb8727c2a2e24cb953db143d8a5\"\u003e\u003ccode\u003e1e50434\u003c/code\u003e\u003c/a\u003e set version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ffbe4ab45bd9a113737231721fa2f55a70f3d0ab\"\u003e\u003ccode\u003effbe4ab\u003c/code\u003e\u003c/a\u003e DOC remove obsolete SVM example (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/27108\"\u003e#27108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4647729e5ee8c46e4fedace2d3c50c37f0a6693d\"\u003e\u003ccode\u003e4647729\u003c/code\u003e\u003c/a\u003e DOC Fix time complexity of MLP (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28592\"\u003e#28592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/9bd7047b4a6c673bcfd2911997f124e265f8ad57\"\u003e\u003ccode\u003e9bd7047\u003c/code\u003e\u003c/a\u003e FIX convergence criterion of MeanShift (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/28951\"\u003e#28951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/b79420f1c2e82d814dec8026e96421751bfc9c96\"\u003e\u003ccode\u003eb79420f\u003c/code\u003e\u003c/a\u003e FIX add long long for int32/int64 windows compat in NumPy 2.0 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/29029\"\u003e#29029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/37f544db78503ed1a50da02cbb4f1a4e466fb0a7\"\u003e\u003ccode\u003e37f544d\u003c/code\u003e\u003c/a\u003e DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.4.0...1.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Wool-xing/Test-Agent/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Wool-xing/Test-Agent/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Wool-xing%2FTest-Agent/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"3.5.1","new_version":"4.0.0","update_type":"major","path":"/plugins/evidence","pr_created_at":"2026-05-09T04:01:43.000Z","version_change":"3.5.1 → 4.0.0","issue":{"uuid":"4411019671","node_id":"PR_kwDOKqBlQc7ZxYdM","number":344,"state":"open","title":"chore(deps-dev): bump paramiko from 3.5.1 to 4.0.0 in /plugins/evidence","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T04:01:43.000Z","updated_at":"2026-05-09T04:03:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev)","packages":[{"name":"paramiko","old_version":"3.5.1","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/plugins/evidence","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 3.5.1 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/paramiko/paramiko/compare/3.5.1...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=3.5.1\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/CybercentreCanada/howler/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CybercentreCanada/howler/pull/344","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CybercentreCanada%2Fhowler/issues/344","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/344/packages"}},{"old_version":"2.12.0","new_version":"4.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-09T01:19:37.000Z","version_change":"2.12.0 → 4.0.0","issue":{"uuid":"4410470248","node_id":"PR_kwDOAWv0gc7Zvkxf","number":1381,"state":"open","title":"Bump paramiko from 2.12.0 to 4.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T01:19:37.000Z","updated_at":"2026-05-10T01:20:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.12.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.12.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.12.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.12.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scalyr/scalyr-agent-2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/scalyr/scalyr-agent-2/pull/1381","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/scalyr%2Fscalyr-agent-2/issues/1381","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1381/packages"}},{"old_version":"2.8.0","new_version":"4.0.0","update_type":"major","path":null,"pr_created_at":"2026-05-09T01:05:59.000Z","version_change":"2.8.0 → 4.0.0","issue":{"uuid":"4410416070","node_id":"PR_kwDOA6E0bc7ZvY8V","number":7,"state":"closed","title":"Bump paramiko from 2.8.0 to 4.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-10T12:02:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T01:05:59.000Z","updated_at":"2026-05-10T12:02:45.000Z","time_to_close":125803,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.8.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":null,"ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.8.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.8.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.8.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cloud-bulldozer/browbeat/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cloud-bulldozer/browbeat/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud-bulldozer%2Fbrowbeat/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"2.12.0","new_version":"4.0.0","update_type":"major","path":"/python","pr_created_at":"2026-05-08T23:28:44.000Z","version_change":"2.12.0 → 4.0.0","issue":{"uuid":"4410042286","node_id":"PR_kwDOQ0lgx87ZuJE1","number":106,"state":"open","title":"Bump paramiko from 2.12.0 to 4.0.0 in /python","user":"dependabot[bot]","labels":["dependencies","python","stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:28:44.000Z","updated_at":"2026-06-06T03:01:19.732Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"2.12.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/python","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.12.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/2.12.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=2.12.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/heygen-com/ray/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/heygen-com/ray/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/heygen-com%2Fray/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"}},{"old_version":"1.10.0","new_version":"4.0.0","update_type":"major","path":"/testing/mozharness","pr_created_at":"2026-05-08T23:17:26.000Z","version_change":"1.10.0 → 4.0.0","issue":{"uuid":"4409996780","node_id":"PR_kwDOCDmCAs7Zt_WC","number":34,"state":"closed","title":"Bump paramiko from 1.10.0 to 4.0.0 in /testing/mozharness","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:13:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T23:17:26.000Z","updated_at":"2026-05-09T01:13:22.000Z","time_to_close":6948,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"paramiko","old_version":"1.10.0","new_version":"4.0.0","repository_url":"https://github.com/paramiko/paramiko"}],"path":"/testing/mozharness","ecosystem":"pip"},"body":"Bumps [paramiko](https://github.com/paramiko/paramiko) from 1.10.0 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/aad0370db9fd5c22064a673c9602fc48314eb6f4\"\u003e\u003ccode\u003eaad0370\u003c/code\u003e\u003c/a\u003e Cut 4.0.0 in changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/76f24062b2c1c23175d63797cefb3cdf33e79745\"\u003e\u003ccode\u003e76f2406\u003c/code\u003e\u003c/a\u003e Speling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/8c4277c49c5b3bf0d249efb2d6c376e364197c1f\"\u003e\u003ccode\u003e8c4277c\u003c/code\u003e\u003c/a\u003e Fix syntax-warning-throwing unittest method call\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/d3a96174db381fd3f068b41813c8423aff56bd85\"\u003e\u003ccode\u003ed3a9617\u003c/code\u003e\u003c/a\u003e Test existence of root module dunder version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/957970067888f573866bd45d7378cba8daee6cde\"\u003e\u003ccode\u003e9579700\u003c/code\u003e\u003c/a\u003e Nuke mentions of specific Python 3.x versions from docs etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/dbfd52c50594164ed0cb884d90b1009bf48fccc6\"\u003e\u003ccode\u003edbfd52c\u003c/code\u003e\u003c/a\u003e Administrivia update: Python\u0026gt;=3.9, pyproject.toml, etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/c2ba378ef2ea767bb2de47559e18324955f1ad13\"\u003e\u003ccode\u003ec2ba378\u003c/code\u003e\u003c/a\u003e Remove outdated version check in GSS module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/2af0dd788d8e97dff51212baed2d870abf3b38eb\"\u003e\u003ccode\u003e2af0dd7\u003c/code\u003e\u003c/a\u003e I'm good at my job, honest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/e534b1abcfe5dd286988d0b347b84a0b902f7461\"\u003e\u003ccode\u003ee534b1a\u003c/code\u003e\u003c/a\u003e Fixes \u003ca href=\"https://redirect.github.com/paramiko/paramiko/issues/973\"\u003e#973\u003c/a\u003e: remove DSA/DSS support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/paramiko/paramiko/commit/3523febe92693916b329085c58d9058fab10290c\"\u003e\u003ccode\u003e3523feb\u003c/code\u003e\u003c/a\u003e Tweak .gitignore to more safely ignore top level docs/\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/paramiko/paramiko/compare/1.10.0...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=paramiko\u0026package-manager=pip\u0026previous-version=1.10.0\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/roytam1/fx-vc2013/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/roytam1/fx-vc2013/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/roytam1%2Ffx-vc2013/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}}]}